Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
setup.exe

Overview

General Information

Sample Name:setup.exe
Analysis ID:1343592
MD5:9dcbe10dc787bde1e69fca29878e6083
SHA1:6693bc9d31cd96c37bc81c9d49fec7f0948a56fe
SHA256:928dba830954eca52d25b94bc36c2e5d24b332a2cbfa8cd38802258caaa9d2c4
Infos:

Detection

Score:63
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:3
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Sigma detected: Dot net compiler compiles file from suspicious location
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Uses netsh to modify the Windows network and firewall settings
Yara detected Generic Downloader
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Creates files inside the system directory
PE file contains sections with non-standard names
Stores large binary data to the registry
Stores files to the Windows start menu directory
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Enables debug privileges
EXE planting / hijacking vulnerabilities found
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
DLL planting / hijacking vulnerabilities found
PE file contains an invalid checksum
Adds / modifies Windows certificates
Drops PE files
Tries to load missing DLLs
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • setup.exe (PID: 1368 cmdline: C:\Users\user\Desktop\setup.exe MD5: 9DCBE10DC787BDE1E69FCA29878E6083)
    • WebCompanionInstaller.exe (PID: 5484 cmdline: .\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18282981021 --version=10.901.2.519 MD5: 4A5B051EDBC60C58D0FA08810AB2FA0A)
      • cmd.exe (PID: 5872 cmdline: "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 3024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • netsh.exe (PID: 5868 cmdline: netsh http add urlacl url=http://+:9007/ user=Everyone MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • WebCompanion.exe (PID: 7116 cmdline: "C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo= MD5: 7BB65BB24E9A4A04E8D3423D12CF4665)
        • csc.exe (PID: 2808 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bwneskvk.cmdline MD5: 2B9482EB5D3AF71029277E18F6C656C0)
          • conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cvtres.exe (PID: 1056 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA00A.tmp" "c:\Users\user\AppData\Local\Temp\CSC9FF9.tmp" MD5: E118330B4629B12368D91B9DF6488BE0)
        • csc.exe (PID: 6068 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\gu1rlzui.cmdline MD5: 2B9482EB5D3AF71029277E18F6C656C0)
          • conhost.exe (PID: 6100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cvtres.exe (PID: 6348 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA903.tmp" "c:\Users\user\AppData\Local\Temp\CSCA8F2.tmp" MD5: E118330B4629B12368D91B9DF6488BE0)
        • csc.exe (PID: 880 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uld_vmts.cmdline MD5: 2B9482EB5D3AF71029277E18F6C656C0)
          • conhost.exe (PID: 2348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cvtres.exe (PID: 5036 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB3F0.tmp" "c:\Users\user\AppData\Local\Temp\CSCB3DF.tmp" MD5: E118330B4629B12368D91B9DF6488BE0)
  • cleanup

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
        C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
            Click to see the 21 entries

            Sigma Signatures

            Data Obfuscation

            barindex
            Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bwneskvk.cmdline, CommandLine: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bwneskvk.cmdline, CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo= , ParentImage: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, ParentProcessId: 7116, ParentProcessName: WebCompanion.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bwneskvk.cmdline, ProcessId: 2808, ProcessName: csc.exe

            Snort Signatures

            Timestamp:192.168.2.16104.17.9.52497564432849740 11/16/23-14:21:53.220878
            SID:2849740
            Source Port:49756
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498374432849740 11/16/23-14:22:58.363979
            SID:2849740
            Source Port:49837
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498604432849740 11/16/23-14:23:01.817543
            SID:2849740
            Source Port:49860
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498184432849740 11/16/23-14:22:55.315927
            SID:2849740
            Source Port:49818
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499374432849740 11/16/23-14:23:14.094484
            SID:2849740
            Source Port:49937
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499564432849740 11/16/23-14:23:23.548121
            SID:2849740
            Source Port:49956
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498944432849740 11/16/23-14:23:06.133993
            SID:2849740
            Source Port:49894
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498674432849740 11/16/23-14:23:02.589272
            SID:2849740
            Source Port:49867
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499754432849740 11/16/23-14:23:26.482208
            SID:2849740
            Source Port:49975
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497304432849740 11/16/23-14:21:48.202535
            SID:2849740
            Source Port:49730
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497294432849740 11/16/23-14:21:48.164707
            SID:2849740
            Source Port:49729
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498004432849740 11/16/23-14:22:51.082711
            SID:2849740
            Source Port:49800
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497984432849740 11/16/23-14:22:51.007985
            SID:2849740
            Source Port:49798
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498834432849740 11/16/23-14:23:04.821504
            SID:2849740
            Source Port:49883
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498154432849740 11/16/23-14:22:54.740443
            SID:2849740
            Source Port:49815
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499074432849740 11/16/23-14:23:08.438996
            SID:2849740
            Source Port:49907
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497454432849740 11/16/23-14:21:50.946312
            SID:2849740
            Source Port:49745
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499534432849740 11/16/23-14:23:23.201366
            SID:2849740
            Source Port:49953
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498454432849740 11/16/23-14:23:00.067333
            SID:2849740
            Source Port:49845
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497614432849740 11/16/23-14:21:54.380445
            SID:2849740
            Source Port:49761
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497744432849740 11/16/23-14:21:56.930831
            SID:2849740
            Source Port:49774
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498554432849740 11/16/23-14:23:01.134765
            SID:2849740
            Source Port:49855
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497554432849740 11/16/23-14:21:53.196157
            SID:2849740
            Source Port:49755
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498174432849740 11/16/23-14:22:55.177089
            SID:2849740
            Source Port:49817
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497684432849740 11/16/23-14:21:55.800698
            SID:2849740
            Source Port:49768
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498684432849740 11/16/23-14:23:02.593620
            SID:2849740
            Source Port:49868
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497364432849740 11/16/23-14:21:48.963647
            SID:2849740
            Source Port:49736
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497494432849740 11/16/23-14:21:52.073139
            SID:2849740
            Source Port:49749
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497844432849740 11/16/23-14:21:59.354468
            SID:2849740
            Source Port:49784
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498464432849740 11/16/23-14:23:00.118740
            SID:2849740
            Source Port:49846
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498014432849740 11/16/23-14:22:51.949030
            SID:2849740
            Source Port:49801
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497784432849740 11/16/23-14:21:57.936682
            SID:2849740
            Source Port:49778
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498084432849740 11/16/23-14:22:53.627463
            SID:2849740
            Source Port:49808
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497274432849740 11/16/23-14:21:46.523132
            SID:2849740
            Source Port:49727
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498334432849740 11/16/23-14:22:57.695107
            SID:2849740
            Source Port:49833
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497884432849740 11/16/23-14:22:00.715926
            SID:2849740
            Source Port:49788
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498244432849740 11/16/23-14:22:56.311267
            SID:2849740
            Source Port:49824
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499244432849740 11/16/23-14:23:11.585526
            SID:2849740
            Source Port:49924
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499734432849740 11/16/23-14:23:26.371514
            SID:2849740
            Source Port:49973
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498814432849740 11/16/23-14:23:04.157579
            SID:2849740
            Source Port:49881
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497774432849740 11/16/23-14:21:57.842152
            SID:2849740
            Source Port:49777
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499164432849740 11/16/23-14:23:10.459701
            SID:2849740
            Source Port:49916
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499434432849740 11/16/23-14:23:14.583964
            SID:2849740
            Source Port:49943
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498354432849740 11/16/23-14:22:58.177087
            SID:2849740
            Source Port:49835
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497964432849740 11/16/23-14:22:50.572419
            SID:2849740
            Source Port:49796
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497694432849740 11/16/23-14:21:55.800651
            SID:2849740
            Source Port:49769
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498164432849740 11/16/23-14:22:54.742574
            SID:2849740
            Source Port:49816
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498884432849740 11/16/23-14:23:05.617099
            SID:2849740
            Source Port:49888
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498284432849740 11/16/23-14:22:56.824402
            SID:2849740
            Source Port:49828
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499134432849740 11/16/23-14:23:10.110529
            SID:2849740
            Source Port:49913
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498584432849740 11/16/23-14:23:01.672719
            SID:2849740
            Source Port:49858
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499054432849740 11/16/23-14:23:07.883360
            SID:2849740
            Source Port:49905
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497804432849740 11/16/23-14:21:58.551674
            SID:2849740
            Source Port:49780
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498574432849740 11/16/23-14:23:01.338987
            SID:2849740
            Source Port:49857
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497634432849740 11/16/23-14:21:54.790525
            SID:2849740
            Source Port:49763
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497824432849740 11/16/23-14:21:58.623848
            SID:2849740
            Source Port:49782
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497444432849740 11/16/23-14:21:50.649711
            SID:2849740
            Source Port:49744
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498764432849740 11/16/23-14:23:03.664568
            SID:2849740
            Source Port:49876
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499284432849740 11/16/23-14:23:12.157500
            SID:2849740
            Source Port:49928
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499634432849740 11/16/23-14:23:24.716822
            SID:2849740
            Source Port:49963
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497484432849740 11/16/23-14:21:52.065730
            SID:2849740
            Source Port:49748
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497864432849740 11/16/23-14:22:00.334826
            SID:2849740
            Source Port:49786
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499254432849740 11/16/23-14:23:11.585685
            SID:2849740
            Source Port:49925
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498254432849740 11/16/23-14:22:56.690231
            SID:2849740
            Source Port:49825
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52499064432849740 11/16/23-14:23:08.121055
            SID:2849740
            Source Port:49906
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497604432849740 11/16/23-14:21:54.380499
            SID:2849740
            Source Port:49760
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52497734432849740 11/16/23-14:21:56.930125
            SID:2849740
            Source Port:49773
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.16104.17.9.52498064432849740 11/16/23-14:22:52.873939
            SID:2849740
            Source Port:49806
            Destination Port:443
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            • AV Detection
            • Privilege Escalation
            • Compliance
            • Spreading
            • Networking
            • System Summary
            • Data Obfuscation
            • Persistence and Installation Behavior
            • Boot Survival
            • Hooking and other Techniques for Hiding and Protection
            • Malware Analysis System Evasion
            • Anti Debugging
            • HIPS / PFW / Operating System Protection Evasion
            • Language, Device and Operating System Detection
            • Lowering of HIPS / PFW / Operating System Security Settings
            • Stealing of Sensitive Information

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Source: setup.exeReversingLabs: Detection: 23%
            Source: setup.exeVirustotal: Detection: 34%Perma Link
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeVirustotal: Detection: 35%Perma Link
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeEXE: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeEXE: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeEXE: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeEXE: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\7za.exe
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeEXE: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WpfAnimatedGif.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: LINKINFO.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: USP10.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\System.Data.SQLite.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\de-DE\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: ncrypt.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\es-ES\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ja-JP\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\NCalc.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ucrtbased.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: winhttp.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Settings.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.WUApiLib.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUEngineS.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUSDK.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ja-JP\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\vcruntime140d.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ru-RU\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\fr-CA\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: security.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\acs17.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: shfolder.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Microsoft.mshtml.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Compression.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: winnlsres.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: rasapi32.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: CRYPTBASE.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: rtutils.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\it-IT\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\liblz4.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: RichEd20.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: Wldp.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\tr-TR\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Extension.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Ionic.Zip.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\de-DE\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: SSPICLI.DLL
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: profapi.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: srvcli.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: ntshrui.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: cscapi.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\pt-BR\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\x64\SQLite.Interop.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: rasman.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: IPHLPAPI.DLL
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\zh-Hans\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.Shell32.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\it-IT\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: httpapi.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\en-US\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.SHDocVw.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\MozCompressor.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\tr-TR\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\DotNetZip.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\LZ4.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: SECUR32.DLL
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Esent.Interop.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: msls31.dll

            Compliance

            barindex
            Source: setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49726 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49727 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49736 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49739 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49740 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49742 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49743 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49744 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49745 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49747 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49746 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49749 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49748 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49750 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49753 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49752 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49755 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49756 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49757 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49761 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49763 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49766 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49765 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49768 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49769 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49771 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49773 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49774 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49775 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49777 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49778 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49780 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49782 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49784 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49785 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49788 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49789 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49790 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49794 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49796 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49797 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49798 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49799 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49800 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49801 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49803 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49805 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49804 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49806 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49807 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49808 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49809 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49811 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49812 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49813 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49815 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49816 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49818 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49817 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49819 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49821 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49822 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49823 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49824 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49826 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49828 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49825 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49827 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49829 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49831 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49832 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49833 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49835 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49837 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49836 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49839 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49838 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49840 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49841 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49842 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49843 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49845 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49847 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49846 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49848 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49849 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49853 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49850 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49854 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49851 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49852 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49855 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49856 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49857 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49860 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49858 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49859 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49861 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49864 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49862 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49863 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49865 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49867 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49868 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49869 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49870 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49871 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49872 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49875 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49873 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49874 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49877 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49876 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49878 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49880 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49881 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49882 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49883 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49886 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49885 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49888 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49891 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49887 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49889 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49893 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49894 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49895 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49896 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49897 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49898 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49899 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49901 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49902 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49903 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49904 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49905 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49906 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49907 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49908 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49909 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49910 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49911 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49913 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49916 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49917 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49918 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49922 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49919 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49920 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49921 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49925 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49924 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49927 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49928 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49930 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49931 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49932 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49933 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49935 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49937 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49938 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49939 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49940 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49942 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49941 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49943 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49944 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49945 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49953 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49952 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49954 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49955 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49956 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49961 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49959 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49964 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49962 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49963 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49965 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49973 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49975 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49978 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49977 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49983 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49982 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49985 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49984 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49990 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49992 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49991 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49993 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49998 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49999 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:50000 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:50003 version: TLS 1.0
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeEXE: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeEXE: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeEXE: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeEXE: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\7za.exe
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeEXE: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WpfAnimatedGif.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: LINKINFO.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: USP10.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\System.Data.SQLite.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\de-DE\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: ncrypt.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\es-ES\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ja-JP\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\NCalc.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ucrtbased.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: winhttp.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Settings.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.WUApiLib.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUEngineS.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUSDK.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ja-JP\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\vcruntime140d.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ru-RU\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\fr-CA\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: security.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\acs17.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: shfolder.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Microsoft.mshtml.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Compression.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: winnlsres.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: rasapi32.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: CRYPTBASE.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: rtutils.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\it-IT\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\liblz4.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: RichEd20.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: Wldp.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\tr-TR\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Extension.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Ionic.Zip.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\de-DE\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: SSPICLI.DLL
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: profapi.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: srvcli.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: ntshrui.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: cscapi.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\pt-BR\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\x64\SQLite.Interop.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: rasman.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: IPHLPAPI.DLL
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\zh-Hans\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.Shell32.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\it-IT\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: httpapi.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\en-US\WebCompanionInstaller.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.SHDocVw.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\MozCompressor.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\tr-TR\WebCompanion.resources.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\DotNetZip.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\LZ4.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: SECUR32.DLL
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDLL: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Esent.Interop.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeDLL: msls31.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cfc97297-c877-42df-8ab4-b183ed1b315e}
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.log
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\install.txt
            Source: setup.exeStatic PE information: certificate valid
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\Lavasoft\
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\

            Networking

            barindex
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49727 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49730 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49729 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49736 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49744 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49745 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49749 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49748 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49755 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49756 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49760 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49761 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49763 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49768 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49769 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49773 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49774 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49777 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49778 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49780 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49782 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49784 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49786 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49788 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49796 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49798 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49800 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49801 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49806 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49808 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49815 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49816 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49817 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49818 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49824 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49825 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49828 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49833 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49835 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49837 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49845 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49846 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49855 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49857 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49858 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49860 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49868 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49867 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49876 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49881 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49883 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49888 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49894 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49906 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49905 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49907 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49913 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49916 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49925 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49924 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49928 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49937 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49943 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49953 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49956 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49963 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49973 -> 104.17.9.52:443
            Source: TrafficSnort IDS: 2849740 ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in TLS SNI 192.168.2.16:49975 -> 104.17.9.52:443
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe, type: DROPPED
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, type: DROPPED
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 586Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 425Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 435Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 413Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 405Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 407Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 422Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 438Expect: 100-continue
            Source: global trafficHTTP traffic detected: GET /10.1.2.519/WebCompanion-10.1.2.519-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 467Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 438Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 432Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 430Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 429Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 442Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 436Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 406Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 430Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 431Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 414Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 425Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 424Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 424Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /Partner.svc/GetPartnerInfo?partner=IN220101_wb HTTP/1.1Host: wc-partners.lavasoft.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: GET /Partner.svc/GetPartnerInfo?partner=IN220101_ab HTTP/1.1Host: wc-partners.lavasoft.com
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: GET /Partner.svc/GetPartnerInfo?partner=IN220101_ac HTTP/1.1Host: wc-partners.lavasoft.com
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=FirstRun&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 266Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /IPService.asmx HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://upclick.com/GetCountryISO2"Host: wsgeoip.lulusoft.comContent-Length: 238Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 240Expect: 100-continue
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49726 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49727 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49736 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49739 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49740 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49742 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49743 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49744 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49745 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49747 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49746 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49749 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49748 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49750 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49753 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49752 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49755 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49756 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49757 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49761 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49763 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49766 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49765 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49768 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49769 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49771 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49773 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49774 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49775 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49777 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49778 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49780 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49782 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49784 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49785 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49788 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49789 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49790 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49794 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49796 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49797 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49798 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49799 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49800 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49801 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49803 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49805 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49804 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49806 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49807 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49808 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49809 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49811 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49812 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49813 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49815 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49816 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49818 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49817 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49819 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49821 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49822 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49823 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49824 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49826 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49828 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49825 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49827 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49829 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49831 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49832 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49833 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49835 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49837 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49836 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49839 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49838 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49840 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49841 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49842 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49843 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49845 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49847 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49846 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49848 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49849 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49853 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49850 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49854 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49851 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49852 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49855 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49856 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49857 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49860 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49858 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49859 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49861 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49864 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49862 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49863 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49865 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49867 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49868 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49869 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49870 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49871 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49872 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49875 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49873 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49874 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49877 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49876 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49878 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49880 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49881 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49882 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49883 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49886 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49885 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49888 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49891 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49887 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49889 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49893 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49894 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49895 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49896 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49897 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49898 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49899 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49901 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49902 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49903 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49904 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49905 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49906 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49907 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49908 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49909 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49910 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49911 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49913 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49916 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49917 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49918 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49922 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49919 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49920 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49921 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49925 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49924 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49927 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49928 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49930 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49931 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49932 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49933 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49935 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49937 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49938 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49939 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49940 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49942 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49941 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49943 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49944 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49945 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49953 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49952 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49954 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49955 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49956 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49961 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49959 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49964 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49962 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49963 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49965 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49973 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49975 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49978 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49977 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49983 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49982 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49985 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49984 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49990 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49992 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49991 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49993 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49998 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:49999 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:50000 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.17.9.52:443 -> 192.168.2.16:50003 version: TLS 1.0
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
            Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
            Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
            Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
            Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
            Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
            Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
            Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
            Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
            Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
            Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
            Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
            Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
            Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
            Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
            Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
            Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
            Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
            Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
            Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
            Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
            Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
            Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
            Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
            Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
            Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
            Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
            Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
            Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
            Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 16 Nov 2023 13:21:33 GMTContent-Type: application/zipContent-Length: 11204891Connection: keep-aliveETag: "4102920859"Last-Modified: Mon, 06 Jun 2022 14:40:21 GMTCF-Cache-Status: HITAge: 2348Expires: Thu, 16 Nov 2023 17:21:33 GMTCache-Control: public, max-age=14400Accept-Ranges: bytesServer: cloudflareCF-RAY: 827009a6efaa275a-SEAData Raw: 50 4b 03 04 14 00 00 00 08 00 c1 53 c6 54 c5 0c b4 f8 a3 42 03 00 48 1f 07 00 13 00 00 00 41 70 70 6c 69 63 61 74 69 6f 6e 2f 37 7a 61 2e 65 78 65 ec bd 79 78 54 45 d6 38 7c 7b 49 d2 59 48 27 40 43 58 c4 56 5b 8d 84 25 63 40 93 34 68 5f d2 4d 6e 43 47 40 44 51 a3 a0 68 0b ae 18 fa b2 c8 22 d8 89 6f 3a d7 56 47 71 46 1d c7 71 de 19 e7 73 c6 65 d4 51 16 d7 ee 04 b2 b0 2f 2e 2c a3 e2 5e a1 05 59 24 24 2c b9 df 39 a7 6e 6f 49 88 3e df f3 fb fd f7 e5 79 d2 77 ab 3a 75 ea d4 a9 53 a7 4e 9d 3a 55 71 d3 93 82 41 10 04 23 fc ab aa 20 ac 13 f8 9f 43 f8 f5 3f 06 ff d9 e7 bf 97 2d bc 93 be f5 82 75 3a cf d6 0b ae 9b 3b 6f 81 75 7e d5 03 77 55 dd 76 9f 75 ce 6d f7 df ff 80 cf 7a fb 9d d6 2a f9 7e eb bc fb ad ce 29 d3 ad f7 3d 70 c7 9d a3 fa f4 c9 b0 69 30 ce 1f 76 77 e7 cd 0f 1b 5f 8f fe 8f fc 66 c9 eb 37 d1 f5 e1 d7 a7 d2 bb 94 d7 5b e8 f9 ee d7 73 e8 3a ef f5 eb e0 ea f8 e6 79 2d dd 62 ed ba 8c ae d7 ce 9b 33 17 e1 74 c5 75 aa 4b 10 ee 78 34 45 98 ff fd 7d 37 45 df 1d 11 2e 12 32 f5 26 41 68 84 da 5f a3 a7 77 39 2d 70 9f 93 40 01 bc d7 73 fa e0 5f 8a a0 d7 08 94 46 2f 3f fc 2e 0d e9 b7 4a cb 14 bb 74 7f 4e ba 15 9c 8f a7 0a 8b f1 a6 30 4d c8 c1 06 d8 91 2a cc 9c 05 d7 63 a9 82 34 52 f8 ff fe 77 c0 28 e4 18 cf fd 79 94 ef ce c5 3e b8 66 6c d0 ea 89 75 ef 92 de 2a 08 b3 47 55 dd 71 9b ef 36 41 68 7b 4f 47 30 85 0f e0 ba 29 39 21 50 c8 31 8a 27 13 f6 8c 80 9f 97 52 05 01 c8 29 3c 9a da 35 5d 68 d4 7c 9e 90 ea 08 75 15 66 c3 f5 f1 d4 ee f0 aa 16 54 cd 41 5a 19 38 6d 08 b7 c3 dd d3 09 ff ff df ff 91 3f 69 fa 8c eb 6f 10 af 13 67 88 d7 8b 37 48 fe 9f f2 25 45 5f b4 bf 42 69 0f dc 64 f2 06 f2 dc 8a 20 06 66 e2 5d c9 8d 26 49 39 e8 51 5a 9d 75 c7 95 d3 0b 1f f0 28 df ba 15 97 20 9a d7 8e 31 7a fd 9d 56 5f 2a fc a6 cb 29 ce d2 e3 be 32 b8 bd 50 4e 87 5b d1 bc ba 31 72 89 e2 32 95 b8 b2 64 00 b0 95 dd 33 4c 10 94 19 70 5b 21 78 03 63 a6 a9 f5 de c0 d0 69 81 19 26 a5 5e 6d 72 fb 37 e8 45 fb 72 53 d5 cb 11 73 70 8a 4e 0a f6 97 dc ca 76 c6 2e 10 04 fb 69 f3 33 21 c9 bf 21 5f 9c 25 de 2a de 22 56 ce ba f5 96 9b 1b b6 6c 21 fc 09 ef 39 88 60 47 cd 7e 49 39 ee 1b 21 85 7f 30 48 4a 9a e4 3f 6c f2 37 a8 92 32 22 55 aa 39 e4 cb c5 52 59 0b b0 3d 62 12 86 6b cd 7e 79 8f a4 98 11 30 02 6c 7d 1d de 6d 29 0a d5 ea a4 80 68 0a 88 39 01 b1 bf a4 84 b1 9c 80 c7 66 9a 0e 05 15 4a 4d 4e 9b b5 53 55 01 ea de a2 90 14 48 48 da 24 e6 a9 f8 c1 1f b6 b2 59 83 04 e1 49 29 38 b9 90 3d 73 3e de 29 0d 50 48 21 a2 4c 7f d2 0c 80 65 05 8a 02 4a 0e c8 60 62 97 53 ce 0d d6 5b 1a 7a fa 6e 65 ef ed 32 08 fc 7b 62 9d 73 62 75 1e c9 eb 5c 6e ea b1 d2 9f 98 79 a5 b7 98 a9 d2 9f 4b ca 14 53 ac d6 6b e1 e5 96 38 2d e7
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 586Expect: 100-continueConnection: Keep-Alive
            Source: unknownDNS traffic detected: queries for: flow.lavasoft.com
            Source: global trafficHTTP traffic detected: GET /10.1.2.519/WebCompanion-10.1.2.519-prod.zip HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /Partner.svc/GetPartnerInfo?partner=IN220101_wb HTTP/1.1Host: wc-partners.lavasoft.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /Partner.svc/GetPartnerInfo?partner=IN220101_ab HTTP/1.1Host: wc-partners.lavasoft.com
            Source: global trafficHTTP traffic detected: GET /Partner.svc/GetPartnerInfo?partner=IN220101_ac HTTP/1.1Host: wc-partners.lavasoft.com
            Source: setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile created: C:\Windows\assembly\Desktop.ini
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeSection loaded: security.dll
            Source: setup.exeReversingLabs: Detection: 23%
            Source: setup.exeVirustotal: Detection: 34%
            Source: C:\Users\user\Desktop\setup.exeFile read: C:\Users\user\Desktop\setup.exe
            Source: setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\setup.exe C:\Users\user\Desktop\setup.exe
            Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe .\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18282981021 --version=10.901.2.519
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh http add urlacl url=http://+:9007/ user=Everyone
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe "C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh http add urlacl url=http://+:9007/ user=Everyone
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bwneskvk.cmdline
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA00A.tmp" "c:\Users\user\AppData\Local\Temp\CSC9FF9.tmp"
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\gu1rlzui.cmdline
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA903.tmp" "c:\Users\user\AppData\Local\Temp\CSCA8F2.tmp"
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uld_vmts.cmdline
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB3F0.tmp" "c:\Users\user\AppData\Local\Temp\CSCB3DF.tmp"
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bwneskvk.cmdline
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\gu1rlzui.cmdline
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uld_vmts.cmdline
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA00A.tmp" "c:\Users\user\AppData\Local\Temp\CSC9FF9.tmp"
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA903.tmp" "c:\Users\user\AppData\Local\Temp\CSCA8F2.tmp"
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB3F0.tmp" "c:\Users\user\AppData\Local\Temp\CSCB3DF.tmp"
            Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe .\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18282981021 --version=10.901.2.519
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe "C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.log
            Source: classification engineClassification label: mal63.troj.spyw.expl.evad.winEXE@24/167@9/22
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fd340967acfc2948620252bd3a6aabb7\mscorlib.ni.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fd340967acfc2948620252bd3a6aabb7\mscorlib.ni.dll
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\faf93f57aa8c4c5dddd9cd0de441d5a1\mscorlib.ni.dll
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6100:120:WilError_03
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2348:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6484:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3024:120:WilError_03
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeMutant created: \Sessions\1\BaseNamedObjects\Global\servicemodelservice 3.0.0.0
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile written: C:\Windows\assembly\Desktop.ini
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cfc97297-c877-42df-8ab4-b183ed1b315e}
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
            Source: setup.exeStatic PE information: certificate valid
            Source: setup.exeStatic PE information: section name: .sxdata
            Source: setup.exeStatic PE information: real checksum: 0x8e265 should be: 0x8f257
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bwneskvk.cmdline
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\gu1rlzui.cmdline
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uld_vmts.cmdline
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bwneskvk.cmdline
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\gu1rlzui.cmdline
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uld_vmts.cmdline
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WpfAnimatedGif.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\System.Data.SQLite.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\de-DE\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\es-ES\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ja-JP\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\NCalc.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ucrtbased.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Settings.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.WUApiLib.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUEngineS.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUSDK.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ja-JP\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exeJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\de-DE\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ICSharpCode.SharpZipLib.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\vcruntime140d.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ru-RU\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\fr-CA\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeFile created: C:\Users\user\AppData\Local\Temp\bwneskvk.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\en-US\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\acs17.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Microsoft.mshtml.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ru-RU\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Compression.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\it-IT\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\liblz4.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\tr-TR\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Extension.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Ionic.Zip.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\de-DE\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeFile created: C:\Users\user\AppData\Local\Temp\uld_vmts.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\pt-BR\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\pt-BR\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\fr-CA\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\x64\SQLite.Interop.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\7za.exeJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\Newtonsoft.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ja-JP\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\it-IT\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\zh-Hans\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.Shell32.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\tr-TR\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\it-IT\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\en-US\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeFile created: C:\Users\user\AppData\Local\Temp\gu1rlzui.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.SHDocVw.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\MozCompressor.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\tr-TR\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\es-ES\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\DotNetZip.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\zh-CHS\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\LZ4.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Esent.Interop.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.log
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\install.txt
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -600000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86099968s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2480Thread sleep time: -90000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -210016s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2480Thread sleep time: -210000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86070094s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2480Thread sleep time: -2880000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -89984s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85830000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -450219s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85949781s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172800000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86370000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -777600000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399875s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399891s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85800094s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -510015s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85860047s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -540016s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85380078s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1019890s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2032Thread sleep time: -300000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85290219s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 3572Thread sleep time: -3840000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1109781s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -84780407s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 6632Thread sleep time: -90000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1619593s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -84690500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1199719s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85200266s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1199844s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85200125s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1199875s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85200109s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1199859s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep count: 34 > 30
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -2937600000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -345600000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86310000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -89984s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86310016s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -60094s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86339890s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399938s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -259199859s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399922s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85920032s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -479953s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85920031s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -390078s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86009922s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -360187s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86039782s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -720468s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172079532s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -360203s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86039765s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86340141s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -59812s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86340172s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -59828s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86250250s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -149750s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86250219s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -239782s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280109s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280094s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238592s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280688s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238624s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -345122812s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -834967s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1035368628s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -954128s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -603965138s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -715500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -954120s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172561470s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -517684500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119235s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -258842295s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280718s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119282s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280687s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280704s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119234s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238438s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -258842343s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238406s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280797s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119156s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280844s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280828s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238250s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280875s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119063s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280937s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119047s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280953s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237970s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281015s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237814s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281093s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237656s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281172s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281157s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118781s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562438s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -356016s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562656s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237312s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562624s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237158s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281421s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118688s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281296s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118704s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562374s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237626s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281203s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118797s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562156s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118906s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118922s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280938s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238124s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280766s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119234s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280797s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119203s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280766s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119234s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172561250s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119375s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238438s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238094s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280953s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -258842343s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119406s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -715500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280922s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119078s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280907s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -517686564s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -356670s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562220s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 3936Thread sleep count: 336 > 30
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 3936Thread sleep time: -168000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118703s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281297s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118687s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237782s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280906s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119094s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -594375s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562250s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -356016s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562656s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -236874s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281563s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281344s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118454s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281546s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281515s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -236500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281750s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562470s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237530s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237030s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -258844455s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118781s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118516s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281484s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281234s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118766s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281468s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118282s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172563406s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118297s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118031s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281969s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281687s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118313s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562812s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -355734s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281407s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118312s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281688s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281391s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237218s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -258844266s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281109s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237126s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281437s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118547s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281141s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118859s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562906s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237124s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281438s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -236468s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172563532s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -236436s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281782s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281079s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -258843234s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237844s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1035368628s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118937s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281063s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281062s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118938s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -475624s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118531s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281469s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -345122812s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118187s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172563594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -235594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86282203s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -117812s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86282188s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118203s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562062s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118969s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118156s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281844s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -117766s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86282234s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -117359s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86282641s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -116953s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86283016s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -116578s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86283422s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -116172s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86283421s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -116579s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86283015s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -233938s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172566062s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -116563s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86282625s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -117375s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86282218s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -117782s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281812s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118188s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281390s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118610s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280968s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119016s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280578s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172562000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118141s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -117750s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86282250s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -117328s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281828s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -235468s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86282266s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -117312s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -117735s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86281375s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237250s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280937s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280938s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280531s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119031s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238938s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280094s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280062s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280516s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238968s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172560156s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119922s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86279625s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -120375s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86279156s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86279610s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -239874s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280063s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119468s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280047s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119953s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86279594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172559218s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -239876s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -238970s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280515s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119032s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86279593s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -119907s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280093s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280547s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118984s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -237970s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280546s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118062s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118063s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118046s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -118047s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 6780Thread sleep time: -90000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86279593s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -120438s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86189125s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -210844s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86189156s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -210375s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86189094s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 4084Thread sleep time: -5280000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -210843s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85708704s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -422812s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86188109s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86188594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -210938s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86188578s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -421906s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86188531s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 6780Thread sleep time: -480000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86188547s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -211422s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86068250s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -331281s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86068188s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -331812s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86067172s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -241485s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86157046s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -242454s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172314124s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -241969s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -241953s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep count: 129 > 30
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -11145600000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -691200000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399454s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399969s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86398484s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 3936Thread sleep count: 2160 > 30
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 3936Thread sleep time: -1080000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399484s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399953s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399422s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86280188s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -259200000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 3936Thread sleep count: 767 > 30
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 3936Thread sleep time: -383500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 6360Thread sleep time: -4800000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1296000000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399484s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2236Thread sleep time: -90000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 5256Thread sleep time: -240000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399968s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399469s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399422s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86338593s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -61344s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86323125s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -76859s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86322094s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -77906s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86321594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -47391s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86274312s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -125188s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86274797s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -124672s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85759437s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -640063s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85695406s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -704047s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85695937s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -223641s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172352656s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -223672s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -223172s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86176828s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -222672s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86177328s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -221672s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86177328s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -146672s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86252828s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -147172s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -172504624s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -147688s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 3936Thread sleep count: 6652 > 30
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 3936Thread sleep time: -3326000s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -112188s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86268797s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -130687s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86268766s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -131219s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86267750s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -130750s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86268750s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -129734s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85789875s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -609609s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85787891s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -610109s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85761891s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -637594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85752922s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -566578s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85832906s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -566594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -171620780s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -589610s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -588578s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85790922s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -608578s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85789407s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -602093s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85797907s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -600093s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85734407s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -665093s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85734391s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -665625s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -257201577s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -1998423s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -85733359s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -186750s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86213250s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -186688s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86212312s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -156188s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86235312s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -138688s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86260797s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -139203s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86260281s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -138719s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86261281s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399985s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399406s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86398921s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399453s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86398969s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86320984s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -45016s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86353969s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -45500s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86353968s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -46016s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399938s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399969s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399437s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86322406s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -77594s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86312422s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -42062s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86318938s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -34124s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86308438s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86364938s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -35062s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86364438s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -35578s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86363906s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -36078s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86363907s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -35562s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86364438s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -59092s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86369954s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86369922s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86347922s >= -30000s
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe TID: 2708Thread sleep time: -86399953s >= -30000s
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe TID: 5948Thread sleep time: -105500s >= -30000s
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WpfAnimatedGif.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\de-DE\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\System.Data.SQLite.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ja-JP\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\es-ES\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\NCalc.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Settings.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.WUApiLib.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUEngineS.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUSDK.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exeJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\de-DE\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ICSharpCode.SharpZipLib.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ru-RU\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dllJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bwneskvk.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\en-US\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\acs17.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Microsoft.mshtml.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ru-RU\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Extension.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exeJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\uld_vmts.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\pt-BR\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\pt-BR\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\fr-CA\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\x64\SQLite.Interop.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\7za.exeJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\Newtonsoft.Json.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ja-JP\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\it-IT\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\zh-Hans\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\tr-TR\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\it-IT\WebCompanion.resources.dllJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\gu1rlzui.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.SHDocVw.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\tr-TR\WebCompanion.resources.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\es-ES\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\DotNetZip.dllJump to dropped file
            Source: C:\Users\user\Desktop\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\zh-CHS\WebCompanionInstaller.resources.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\LZ4.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Esent.Interop.dllJump to dropped file
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 300000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86099968
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86070094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 480000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85830000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 450219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85949781
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86370000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399875
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399891
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85800094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 510015
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85860047
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 540016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85380078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1019890
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85290219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 480000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1109781
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 84780407
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1619593
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 84690500
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1199719
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85200266
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1199844
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85200125
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1199875
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85200109
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1199859
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86310000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86310016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86339890
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85920032
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 479953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85920031
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 390078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86009922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 360187
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86039782
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 360234
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86039766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 360203
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86039765
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86340141
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86340172
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86250250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86250219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280109
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280688
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280703
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280719
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280734
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280735
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280765
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280718
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280687
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280704
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280781
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280844
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280828
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280875
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280937
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281015
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281093
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281172
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281157
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281421
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281296
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281187
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281203
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280625
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280781
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280907
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281110
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281297
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280906
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281125
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281563
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281344
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281546
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281515
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281500
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281235
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281485
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281484
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281234
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281468
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281703
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281687
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281407
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281688
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281391
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281109
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281437
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281141
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281453
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281438
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281782
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281079
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280719
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281063
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281062
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281469
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280703
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282203
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282188
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281031
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281844
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282234
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282641
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86283016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86283422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86283421
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86283015
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86283031
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282625
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282218
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281812
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281390
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280968
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281828
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282266
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281375
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280937
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280531
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280062
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280500
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280516
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279625
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279156
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279610
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280063
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280047
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279609
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280515
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279593
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280093
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280547
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280546
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279593
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86189125
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210844
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86189156
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210375
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86189094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 480000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210843
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85708704
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 211406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86188109
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86188594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86188578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86188531
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86188547
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 211422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86068250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 331281
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86068188
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 331812
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86067172
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 241485
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86157046
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 242454
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86157062
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 241969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 241953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399454
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86398484
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399484
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280188
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 480000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399484
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399968
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399469
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86338593
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86323125
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86322094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86321594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86274312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86274797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85759437
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 640063
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85695406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 704047
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85695937
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 223641
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86176328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 223672
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 223172
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86176828
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 222672
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86177328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 221672
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86177328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86252828
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86252312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86268797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86268766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86267750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86268750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85789875
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 609609
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85787891
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 610109
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85761891
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 637594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85752922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 566578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85832906
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 566594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85810390
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 589610
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 588578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85790922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 608578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85789407
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 602093
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85797907
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 600093
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85734407
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 665093
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85734391
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 665625
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85733859
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 666141
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85733359
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 186750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86213250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 186688
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86212312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86235312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86260797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86260281
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86261281
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399985
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86398921
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399453
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86398969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86320984
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86353969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86353968
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399437
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86322406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86312422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86318938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86308438
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86364938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86364438
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86363906
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86363907
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86364438
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86369954
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86369922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86347922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeRegistry key enumerated: More than 144 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeRegistry key enumerated: More than 210 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeRegistry key enumerated: More than 257 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeRegistry key enumerated: More than 257 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeRegistry key enumerated: More than 257 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeWindow / User API: threadDelayed 2160
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeWindow / User API: threadDelayed 767
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeWindow / User API: threadDelayed 6652
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess information queried: ProcessInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 300000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86099968
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 90000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 30000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86070094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 480000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 89984
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85830000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 450219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85949781
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86370000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399875
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399891
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85800094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 510015
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85860047
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 540016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85380078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1019890
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 30000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85290219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 480000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1109781
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 84780407
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 90000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1619593
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 84690500
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1199719
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85200266
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1199844
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85200125
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1199875
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85200109
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 1199859
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86310000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 89984
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86310016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 60094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86339890
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85920032
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 479953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85920031
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 390078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86009922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 360187
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86039782
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 360234
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86039766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 360203
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86039765
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86340141
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 59812
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86340172
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 59828
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86250250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 149750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86250219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119891
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280109
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119296
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280688
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119297
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280703
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119281
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280719
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119266
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280734
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119265
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280735
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119235
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280765
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280718
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119282
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280687
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280704
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119234
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280781
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119203
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119156
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280844
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280828
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119125
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280875
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119063
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280937
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119047
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118985
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281015
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118907
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281093
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118828
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281172
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281157
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118781
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118672
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118656
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118579
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281421
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118688
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281296
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118704
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281187
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118813
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281203
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118906
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119062
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119234
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119203
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119234
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280625
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119375
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119047
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280781
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280907
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118890
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281110
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118703
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281297
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118687
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118891
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280906
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118875
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281125
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118672
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118437
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281563
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281344
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118454
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281546
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281515
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281500
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118500
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281235
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118765
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118515
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281485
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118781
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118516
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281484
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281234
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281468
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118282
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281703
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118297
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118031
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281687
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118313
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281407
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281688
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281391
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118609
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281109
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118563
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281437
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118547
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281141
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118859
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281453
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118562
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281438
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118234
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118218
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281782
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281079
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280719
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118937
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281063
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281062
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118906
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118531
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281469
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280703
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118187
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282203
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117812
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282188
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118203
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281031
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118156
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281844
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282234
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117359
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282641
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 116953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86283016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 116578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86283422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 116172
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86283421
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 116579
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86283015
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 116969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86283031
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 116563
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282625
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117375
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282218
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117782
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281812
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118188
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281390
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118610
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280968
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118141
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281828
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117734
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86282266
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 117735
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86281375
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118625
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280937
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280531
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119031
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119469
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280062
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119500
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280500
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280516
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119484
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279625
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 120375
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279156
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279610
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119937
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280063
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119468
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280047
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279609
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119485
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280515
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119032
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279593
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 119907
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280093
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280547
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118984
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118985
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280546
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118062
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118063
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118046
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 118047
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 90000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86279593
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 120438
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86189125
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210844
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86189156
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210375
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86189094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 480000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210843
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85708704
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 211406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86188109
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86188594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86188578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 210953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86188531
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 30000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86188547
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 211422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86068250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 331281
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86068188
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 331812
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86067172
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 241485
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86157046
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 242454
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86157062
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 241969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 241953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399454
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86398484
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399484
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86280188
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 480000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86400000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399484
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 90000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 30000
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399968
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399469
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86338593
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 61344
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86323125
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 76859
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86322094
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 77906
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86321594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 47391
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86274312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 125188
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86274797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 124672
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85759437
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 640063
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85695406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 704047
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85695937
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 223641
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86176328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 223672
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 223172
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86176828
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 222672
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86177328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 221672
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86177328
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 146672
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86252828
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 147172
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86252312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 147688
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 112188
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86268797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 130687
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86268766
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 131219
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86267750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 130750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86268750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 129734
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85789875
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 609609
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85787891
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 610109
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85761891
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 637594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85752922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 566578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85832906
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 566594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85810390
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 589610
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 588578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85790922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 608578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85789407
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 602093
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85797907
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 600093
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85734407
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 665093
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85734391
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 665625
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85733859
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 666141
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 85733359
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 186750
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86213250
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 186688
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86212312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 156188
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86235312
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 138688
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86260797
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 139203
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86260281
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 138719
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86261281
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399985
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86398921
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399453
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86398969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86320984
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 45016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86353969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 45500
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86353968
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 46016
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399969
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399437
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86322406
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 77594
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86312422
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 42062
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86318938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86308438
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86364938
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 35062
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86364438
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 35578
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86363906
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 36078
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86363907
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 35562
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86364438
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86369954
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86369922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86347922
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeThread delayed: delay time: 86399953
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\Lavasoft\
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess token adjusted: Debug
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess token adjusted: Debug
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeMemory allocated: page read and write | page guard
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh http add urlacl url=http://+:9007/ user=Everyone
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bwneskvk.cmdline
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\gu1rlzui.cmdline
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uld_vmts.cmdline
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA00A.tmp" "c:\Users\user\AppData\Local\Temp\CSC9FF9.tmp"
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA903.tmp" "c:\Users\user\AppData\Local\Temp\CSCA8F2.tmp"
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB3F0.tmp" "c:\Users\user\AppData\Local\Temp\CSCB3DF.tmp"
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeProcess created: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe "C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: unknown VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\en-US\WebCompanionInstaller.resources.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\en-US\WebCompanionInstaller.resources.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ICSharpCode.SharpZipLib.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ICSharpCode.SharpZipLib.dll VolumeInformation
            Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Ionic.Zip.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Ionic.Zip.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Compression.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Compression.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\MozCompressor.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Lowering of HIPS / PFW / Operating System Security Settings

            barindex
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh http add urlacl url=http://+:9007/ user=Everyone
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : SELECT * FROM AntivirusProduct
            Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

            Stealing of Sensitive Information

            barindex
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\search.json.mozlz4
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js
            Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
            Valid Accounts2
            Windows Management Instrumentation            		1
            Windows Service            		1
            Windows Service            		11
            Masquerading            		1
            OS Credential Dumping            		1
            Query Registry            		Remote Services1
            Data from Local System            		Exfiltration Over Other Network Medium2
            Encrypted Channel            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
            Default AccountsScheduled Task/Job1
            Registry Run Keys / Startup Folder            		11
            Process Injection            		1
            Modify Registry            		LSASS Memory12
            Security Software Discovery            		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth2
            Ingress Tool Transfer            		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
            Domain AccountsAt1
            DLL Side-Loading            		1
            Registry Run Keys / Startup Folder            		111
            Disable or Modify Tools            		Security Account Manager11
            Process Discovery            		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration4
            Non-Application Layer Protocol            		Data Encrypted for ImpactDNS ServerEmail Addresses
            Local AccountsCron2
            DLL Search Order Hijacking            		1
            DLL Side-Loading            		31
            Virtualization/Sandbox Evasion            		NTDS31
            Virtualization/Sandbox Evasion            		Distributed Component Object ModelInput CaptureTraffic Duplication5
            Application Layer Protocol            		Data DestructionVirtual Private ServerEmployee Names
            Cloud AccountsLaunchdNetwork Logon Script2
            DLL Search Order Hijacking            		11
            Process Injection            		LSA Secrets1
            Application Window Discovery            		SSHKeyloggingScheduled TransferFallback ChannelsData Encrypted for ImpactServerGather Victim Network Information
            Replication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain Credentials3
            File and Directory Discovery            		VNCGUI Input CaptureData Transfer Size LimitsMultiband CommunicationService StopBotnetDomain Properties
            External Remote ServicesSystemd TimersStartup ItemsStartup Items2
            DLL Search Order Hijacking            		DCSync32
            System Information Discovery            		Windows Remote ManagementWeb Portal CaptureExfiltration Over C2 ChannelCommonly Used PortInhibit System RecoveryWeb ServicesDNS

            Screenshots

            Download Video

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            setup.exe24%ReversingLabsWin32.PUA.ICBundler
            setup.exe35%VirustotalBrowse

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ICSharpCode.SharpZipLib.dll4%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ICSharpCode.SharpZipLib.dll1%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\Newtonsoft.Json.dll4%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\Newtonsoft.Json.dll1%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe14%ReversingLabsWin32.PUA.Generic
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe35%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\de-DE\WebCompanionInstaller.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\de-DE\WebCompanionInstaller.resources.dll0%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\en-US\WebCompanionInstaller.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\en-US\WebCompanionInstaller.resources.dll0%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\es-ES\WebCompanionInstaller.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\es-ES\WebCompanionInstaller.resources.dll0%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\fr-CA\WebCompanionInstaller.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\fr-CA\WebCompanionInstaller.resources.dll0%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\it-IT\WebCompanionInstaller.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\it-IT\WebCompanionInstaller.resources.dll0%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ja-JP\WebCompanionInstaller.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ja-JP\WebCompanionInstaller.resources.dll0%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\pt-BR\WebCompanionInstaller.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\pt-BR\WebCompanionInstaller.resources.dll0%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ru-RU\WebCompanionInstaller.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ru-RU\WebCompanionInstaller.resources.dll0%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\tr-TR\WebCompanionInstaller.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\tr-TR\WebCompanionInstaller.resources.dll0%VirustotalBrowse
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\zh-CHS\WebCompanionInstaller.resources.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\7zS855E9B1B\zh-CHS\WebCompanionInstaller.resources.dll0%VirustotalBrowse
            C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\7za.exe4%ReversingLabs
            C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\7za.exe1%VirustotalBrowse
            C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUEngineS.dll4%ReversingLabs
            C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUEngineS.dll1%VirustotalBrowse
            C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUSDK.dll4%ReversingLabs
            C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUSDK.dll1%VirustotalBrowse
            C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\DotNetZip.dll4%ReversingLabs
            C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\DotNetZip.dll1%VirustotalBrowse
            C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Esent.Interop.dll0%ReversingLabs
            C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Esent.Interop.dll1%VirustotalBrowse

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            wsgeoip.lulusoft.com0%VirustotalBrowse
            3.246.11.0.in-addr.arpa0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://wsgeoip.lulusoft.com/IPService.asmx0%Avira URL Cloudsafe
            http://wsgeoip.lulusoft.com/IPService.asmx2%VirustotalBrowse

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            wsgeoip.upclick.com
            		64.18.92.11
            		truefalse
              		high
              wcdownloadercdn.lavasoft.com
              		104.17.9.52
              		truefalse
                		high
                featureflags.lavasoft.com
                		104.17.9.52
                		truefalse
                  		high
                  wsgeoip.lulusoft.com
                  		104.26.14.158
                  		truefalseunknown
                  wc-partners.lavasoft.com
                  		64.18.87.81
                  		truefalse
                    		high
                    flow.lavasoft.com
                    		104.17.9.52
                    		truefalse
                      		high
                      wsgeoip.lavasoft.com
                      		64.18.87.4
                      		truefalse
                        		high
                        3.246.11.0.in-addr.arpa
                        		unknown
                        		unknownfalseunknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://flow.lavasoft.com/v1/event-stat-wc?Type=Activity&ProductID=wc&EventVersion=1false
                          		high
                          http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=IN220101_wbfalse
                            		high
                            http://wcdownloadercdn.lavasoft.com/10.1.2.519/WebCompanion-10.1.2.519-prod.zipfalse
                              		high
                              http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1false
                                		high
                                http://flow.lavasoft.com/v1/event-stat-wc?Type=FirstRun&ProductID=wc&EventVersion=1false
                                  		high
                                  http://wsgeoip.lulusoft.com/IPService.asmxfalse
                                  • 2%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=IN220101_abfalse
                                    		high
                                    http://wc-partners.lavasoft.com/Partner.svc/GetPartnerInfo?partner=IN220101_acfalse
                                      		high

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      72.21.81.240
                                      		unknownUnited States
                                      		15133EDGECASTUSfalse
                                      64.18.87.4
                                      		wsgeoip.lavasoft.comCanada
                                      		21548MTOCAfalse
                                      104.17.9.52
                                      		wcdownloadercdn.lavasoft.comUnited States
                                      		13335CLOUDFLARENETUSfalse
                                      64.18.87.81
                                      		wc-partners.lavasoft.comCanada
                                      		21548MTOCAfalse
                                      104.26.14.158
                                      		wsgeoip.lulusoft.comUnited States
                                      		13335CLOUDFLARENETUSfalse

                                      General Information

                                      Joe Sandbox Version:38.0.0 Ammolite
                                      Analysis ID:1343592
                                      Start date and time:2023-11-16 14:20:54 +01:00
                                      Joe Sandbox Product:CloudBasic
                                      Overall analysis duration:
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:22
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • EGA enabled
                                      Analysis Mode:stream
                                      Analysis stop reason:Timeout
                                      Sample file name:setup.exe
                                      Detection:MAL
                                      Classification:mal63.troj.spyw.expl.evad.winEXE@24/167@9/22
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                      • Exclude process from analysis (whitelisted): dllhost.exe
                                      • Excluded IPs from analysis (whitelisted): 72.21.81.240
                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                      • Report size getting too big, too many NtReadFile calls found.
                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                      • Report size getting too big, too many NtSetInformationFile calls found.

                                      Created / dropped Files

                                      (copy)

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):341
                                      Entropy (8bit):4.568219519473655
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:173C8E5D53012FCD93034042F8464A19
                                      SHA1:226FAFB255A07EE20E0522A8902638844AFB88F1
                                      SHA-256:5BA3803C178A75C84F9868BAE53EDB497F63869DE941DC21578546185C269D77
                                      SHA-512:D1CA7EFBB86066CC8E1D0DC91B122D3B7F98C56F49F449DA405D36304E73905986EB697604360EC4BF6B2FA6603AD3020624428D2A67DB050CD141E23780EEB5
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="TriggerType" serializeAs="String">.. <value>afterinstall</value>.. </setting>.. </WebCompanion.UI.Properties.Settings>.. </userSettings>..</configuration>

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):330
                                      Entropy (8bit):3.4582511853514797
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:1105F036145F431E30991782D96BB2C5
                                      SHA1:E47D35095B1A38EB9DAF0318DCE9CDA9DA079F17
                                      SHA-256:2622060A41B6FBF73065C303313ABACF2D9450BA62CAF085EBD58B8D9FA63C89
                                      SHA-512:AB267DF9B273780048271872EFD9C2E6E1DABF152724B8C4EEE728A4C6D74B945FA100379447E2254BDE4543C3B836B0182BC59854037300D3B0A835500A4000
                                      Malicious:false
                                      Reputation:low
                                      Preview:p...... ........,..M..X.(...................................................... ........?:.".......(...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.0.6.7.8.6.d.1.2.2.d.5.d.9.1.:.0."...

                                      C:\Users\user\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:modified
                                      Size (bytes):85877
                                      Entropy (8bit):5.301906497323611
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:CF156DEA498BC0E6E35C9C7B80C4BE8F
                                      SHA1:093EB4A1E576578F9538571E1F8F0CC5FAF29DE7
                                      SHA-256:040F61F0234FCEA6B5174FB9690C2383970E14FF3ECFC8686619C27D40B48D30
                                      SHA-512:BF15AF8900F0A0AE564362707E58403CC4D5BC9CBA980679C2CE52AD7CE16A7333C9B43C691017B0A18B02B5CD69A753DE2C2B032864696A8727FC4812DD0C36
                                      Malicious:false
                                      Reputation:low
                                      Preview:INFO 2023-11-16 02:21:43 [1] [WebCompanion.UI.App PerformWebcompanionStartup] --------------------------------------------------------------------------------------------------------..INFO 2023-11-16 02:21:43 [1] [WebCompanion.UI.App PerformWebcompanionStartup] Starting Webcompanion with :C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe --install --geo=..INFO 2023-11-16 02:21:43 [1] [Lavasoft.AppCore.Services.InstallService GetInstallerSettings] reading file: fileName: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\Partner.txt..INFO 2023-11-16 02:21:45 [1] [Lavasoft.Events.EventService SendFeatureFlagRequestEvent] Starting collection report data for...FeatureFlagRequest..INFO 2023-11-16 02:21:47 [1] [Lavasoft.Events.EventService SendFeatureFlagRequestEvent] Collecting report data done...FeatureFlagRequest..INFO 2023-11-16 02:21:47 [1] [WebCompanion.UI.AppCore.ActiveFeatures.ActiveFeaturesManager .ctor] Getting active features.....IN

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\2nptwtq8.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2870
                                      Entropy (8bit):4.264994072366949
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:EF9EC81D9A7E277580FBFE0909FFD44C
                                      SHA1:22F888348C13647FA34287E6C925F0F886B9F680
                                      SHA-256:E3DD0307E18F1F612428FD43AAA234D5519ED305FE42E6358205BE8644B78AC9
                                      SHA-512:F8BF39CC210FF8B2A5566381A756892FCE10C60D90D674D9A23052E46D1E677AB39521E573332DDA910EE4E3D6ACBC35078C817F73FD08F7D71D1022EA1BAC7B
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739708.23:07:23.1027667</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\2qyxaaap.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):3015
                                      Entropy (8bit):4.267312832686704
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:898D2662EF8E6385493E361D52C2652C
                                      SHA1:EEE5C075487A25BFF7726578058A4EF7E4CC4089
                                      SHA-256:9D56065D5655CA5D70CB8D43FDAEE4C9D06B8FD0F238FF0740691F2897A53180
                                      SHA-512:05E47101A01D2AE0E0F80298834DB42D3916C7E4ED2CF776E9AFED02BDD7B65EEAD0803A816F87BB78AE87D639C63D1624F9A6FFB35FEC1A8AB4BB28574B8C64
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739930.23:01:23.0207966</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="OriginalDefaultBrowserDefaultSearch" serializeAs="String">.. <value>3</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">..

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\43s5ht1v.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.265242397263506
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:E9B8C0D3394F9DBAE53F2F82074A4EC6
                                      SHA1:0FAFDD8A1C9080EC3194933CDAF42DF34D174030
                                      SHA-256:F802E4D2B404A1A0A3B0BD7ACBD346DB5EA05C364989A89FF0263BB6D64037B0
                                      SHA-512:07B2CECFB77E09EE57DA3994198AAF1C09BDAFEA3B80F49FA023DF9B3099DCD6DAF22219E21AFFE17FCFA6DF9F166BD72BB5E1775C8D459A7E0184A87F9DB7E6
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739335.17:29:16.8337971</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\7mwairfv.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):3164
                                      Entropy (8bit):4.269364534015424
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:84B8B4D619221B9E40CC1B4F4B28B60E
                                      SHA1:F1BF82D256D4F0A11AEF92BD76AC8B72886B7909
                                      SHA-256:CAC873B1079B6C29B59A2D8893C287AB677A93BAEAC679311D62564B68492E9E
                                      SHA-512:F386F5625B16452E887BAFD0EAFE5B80134C79BF2F501E44A2A09614E64C3672BC824FFDBFB99E6ACDE9DBB1D1A5DFD4758C031B630B0954032812EB47E3B717
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>778514.11:10:17.7128042</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="OriginalDefaultBrowserHomePage" serializeAs="String">.. <value>about:home</value>.. </setting>.. <setting name="OriginalDefaultBrowserDefaultSearch" serializeAs="String">.. <value>3</value>.. </setting>.. <setting name="ProductVersionType" seria

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\7nzvs1a0.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):3015
                                      Entropy (8bit):4.268469279591521
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:C2FD1303211452B309AAA2C0845585DD
                                      SHA1:45FA9F26B71285BF5A0E040B31AD2DED7053A0FC
                                      SHA-256:39BCCFC50D712FCB2D94764B2793518915D6BFFA76A6246404D5D31B4DF5A6D8
                                      SHA-512:8860245CB8277A30F8BF5213931E5E408452AA672F2A9A4109C5C5EE0BEF3D1736C78B82B8F243D0978B1F1BA17C4E69B34EA1096F843D42B61AFB53729FC9AB
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>777693.10:57:30.7947981</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="OriginalDefaultBrowserDefaultSearch" serializeAs="String">.. <value>3</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">..

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\8ievdmuu.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.266715372474864
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:AAB98B4822AEADD3E7191481EA706C56
                                      SHA1:22FD1C1BCA96BAE7580256E1192FCE99688AD6D8
                                      SHA-256:7FAFB18067BD67F4CCD153C1A7153B779ACDD68628BF98AC8F1B62DC1209C275
                                      SHA-512:3228C32F4425A363F8E772C9641D0725F5327303DBEA7FD1224A1DBC039E572214791606E2D2186C5995E53B3B247D41E83C80896716A9CF4BE35D82B3058CE0
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739568.20:31:27.2527943</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\9phv_uky.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):3164
                                      Entropy (8bit):4.273936086937899
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D9D7F9D181F30CD98061E8CC3C9070BC
                                      SHA1:BD555D39956F503DACFB2B9B949EEE2775F728F7
                                      SHA-256:7453BABA4420FC07664BF2FCBDD3EFABAF2F91BA18E0D363672A04E0E410B942
                                      SHA-512:789EC8C270DF4F79AC18F7B17CB51D20471B91C28570D35F01BA147A8FAD027B8F08A57C4EB4A95A5851188A95279B24FB3D762B701382094F300E326EDBD5C9
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>778205.11:06:26.2437993</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="OriginalDefaultBrowserHomePage" serializeAs="String">.. <value>about:home</value>.. </setting>.. <setting name="OriginalDefaultBrowserDefaultSearch" serializeAs="String">.. <value>3</value>.. </setting>.. <setting name="ProductVersionType" seria

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\aozjqrcj.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2471
                                      Entropy (8bit):4.273897685172087
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D3BA054C2EA93D34D5358841F701F07F
                                      SHA1:B69690449ED8FE8F18BFBC657AD1A965D83DB8C7
                                      SHA-256:6EA98ABFF1679D2A47248BD4542F96784726504881CE096834801701D00FD874
                                      SHA-512:A4D569C22E1E257BE7AB1AE61CE6E4276268896B5B34A338727CDF8670EDE42DFA74884855E0012A120A4A2ACA471E4B1DD2DF9A30D6D55C4D8EF002664C045B
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738853.14:58:16.1977932</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableChromeExtension" serializeAs="String">..

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\co_mx4t1.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.264825033186346
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:2D26542BD1C6F6F32C5A580208BFCE21
                                      SHA1:5A7DF79BDA7F0D02FD589A9AEC159E48F21A0CE3
                                      SHA-256:065D21421C90F28C8788790E014B5751C4A19692CDD6A07E03426949F2051B03
                                      SHA-512:D8DCCCFC31C665231D51EAF6108C78C1167CA131EFA909E3E56568E0640E270868B4B73C2384DDEACD1B66533A86772BF03A610A6C74328761BF4CD817AA9089
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738900.16:06:45.2818049</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\dqyxq66s.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2870
                                      Entropy (8bit):4.267347691705681
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:6AC7D98A159546F1C1EFE250C68AF300
                                      SHA1:78C6837E38A9124A0DEC5440F3D12C5122B174AE
                                      SHA-256:567CD2FF7456179D818726C38882CB2CFC46AA85AA4AF91EE97B3FA5ECDA4A7F
                                      SHA-512:01F51CD164332FCE3C491AF2BCF7C4156E4D73847671E0D98F36CBC7C9F8C998163413591D7CE276A5872A46AE1D82307945BD6741782CB8D6AB0E775667B10A
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739568.20:31:27.2527943</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\dxst2h0c.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.263821065437744
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:BA46CFD14482B4044C036574DEF6410D
                                      SHA1:7D03A0F1BFEEA1A515A0E156A98B961ADB2E28BD
                                      SHA-256:A8A5D5E11106C847A0DB2F47DB0015106C4DE98D1D8DB98740E1BE3C1C99E06C
                                      SHA-512:8723BC6878665CED1002D426AE5BC0DA3BB179EAABAC2B8688BEFEC5F1FCA038BD8E38E5A6E6C1B48DA96DAC1F47A67A2635AC9141E8AA19DFBB57799E0876C8
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739513.20:42:03.4738010</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\fxx_rnbc.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):3152
                                      Entropy (8bit):4.249198216544333
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:DADC3D426407956532E5A9EF0C268DA0
                                      SHA1:6295500066D428B6E13DA62E0A761A2004AB5967
                                      SHA-256:0F2FD7679066151919DF03493C9E84DF8747FD8D5A049CA5B45427F191ECD85D
                                      SHA-512:E5764441D86715A41D4F7922534661D584B678B4ECCB3258C07EF3AA454FA77E1FD7ADFEF8A2FBBE1E6F56BA357EEFFA690A77DC435A386D229DA8626D76B536
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>27.22:07:19</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="OriginalDefaultBrowserHomePage" serializeAs="String">.. <value>about:home</value>.. </setting>.. <setting name="OriginalDefaultBrowserDefaultSearch" serializeAs="String">.. <value>3</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="Stri

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\gkst4tla.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.2663344025194645
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:86991EEF33F92AB70A73DC02F7276362
                                      SHA1:7AF6F685CD63ECCF7D8724C02D65E319A5C5D3A6
                                      SHA-256:A5AE116E6D201CE26A196EC110B9A71CACBC08415C84665AF442EE0C73E4B3B8
                                      SHA-512:D4E0E81AEEF92385AE09750E974EC7A0850EE7CB3126E3FB84B2BD4D4DE8AF6F030C0A993B4B083397B88C6A21901D3C3BAE0E277D36DAF35B2C56F7B425F563
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738889.16:04:45.2717995</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\hv-jasr0.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2602
                                      Entropy (8bit):4.265648009255548
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:A67E64C43E5D508397C798184695DFDF
                                      SHA1:8DDA40B5B6FE06AA63A24ACABDDBC76A167FA042
                                      SHA-256:137BB1E1635A3E5EA32B9108EC253040A079250407F817C3069C3642D94C6A89
                                      SHA-512:FDA07E214A1A03F17F3F643272FDFE5EADBDEE6405C09408285A11117E7C72B3ED7CE7F5616690CB49793072D0CDD7341833B12032C0CEE5531B5CE0A7D5DC6F
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738873.15:39:45.6527990</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\iucashcy.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2471
                                      Entropy (8bit):4.273816855167952
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:2AB4CA00865C25E40EECCD5AF484C6D4
                                      SHA1:4B8ED84672D19B78A6B89009A0DF9DF1FDA00068
                                      SHA-256:B9A9F4DEF43C142363F378829F731B2D5B182A0A5EFC6DE330E9DB9C83B415F3
                                      SHA-512:BE6ED666490AAC693B07EE7A296BA230D99FE3FB9FA7B86A0856C03F25A894100E50FA84E37404D882A4731B3C152B5BEC48A06918B0514990794222A9D7DE25
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738849.14:56:16.3827948</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableChromeExtension" serializeAs="String">..

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\j606blpf.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):3164
                                      Entropy (8bit):4.273188764568556
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:35548BEC1516D6D2A861CC0EDE3F3168
                                      SHA1:A6C9FD713346AAC698F85554D73346C4EF7F8566
                                      SHA-256:771A11DC27ABD4110BF79DA5345CF97FAF2B213E476592900A7407F6EBFC7268
                                      SHA-512:1420012351ED3C03A0690D8E301969BA5BB3938A7811E2D25AC273A53DFF7303C39D631E1F4C6D3712AB310E62AAB7A1C2A12B485B9D9427C2A2208C1210C394
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>780469.10:45:40.5897954</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="OriginalDefaultBrowserHomePage" serializeAs="String">.. <value>about:home</value>.. </setting>.. <setting name="OriginalDefaultBrowserDefaultSearch" serializeAs="String">.. <value>3</value>.. </setting>.. <setting name="ProductVersionType" seria

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\k8emhh49.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.2640750253546615
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:0CEA26E2D916A156931DD1358C9D3C3C
                                      SHA1:F28BFF3CD24C4342820DE02699D7C68F88531B05
                                      SHA-256:8214BBB386970039D060C689B5D67C636B1BC5E01CAA985F60C254A897175F86
                                      SHA-512:3C971214D9C9A92A7CD17EB1DD153193BD4EAFBBAD0CBA45E9AEA850EFDEC09FAA01BEAA0799797051207315F7F2FE50B212B7E0A7E2631D76C68BE8242C5EB7
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738894.16:06:15.2818016</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\l0racqmd.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1923
                                      Entropy (8bit):4.236769694442292
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:7C1E2FA646B4CD024F84780EAB71FA96
                                      SHA1:8EAA1CFBCE0B2741DB17BCD7E82D1A2E683E7B95
                                      SHA-256:344E20EC032DD49019F57186186C0144EAFFD6DB89E0F082C7B29FEE6123B8CF
                                      SHA-512:A6071C3B62F479FE4B3FC04CCFAFD776C27774722A1537B343A6FB9EB6748CFBCC51A2AFF378498959A14908AE6053CEC29C9D71044E47EDAA1929F098D7783F
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableChromeExtension" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableFirefoxExtension" serializeAs="String">.. <value>F

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\mbuf-2uy.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.265711404726262
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:6BFE8ACC08C9DFE1ABC5E0DC9D9677EA
                                      SHA1:FAB7998F03062A5F8C3B66E985499E2D58222C11
                                      SHA-256:A1F5E45D3CDDA244031CEF5AD26499FF0FB72512880A46A767750981F3A9FA65
                                      SHA-512:EB9C93930EA26B5656F3EA4FE172051598167469D29A1110404C052B7B4A4658E4D943551E0D45A86EE92D89F9EE0982CFCCB61C7B6C5E461BF86529066D88CF
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739507.20:33:56.8888014</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\mtpe5cus.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):3015
                                      Entropy (8bit):4.266641825195392
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:E643954C0D286F037224E79360EB0FB0
                                      SHA1:C6461ED38820FBC5D501FBB2B2F94A09CD244AA6
                                      SHA-256:5DF56F573A88C0D59AB829090807896372CFB6BB2374B83E70BF080B00C73E09
                                      SHA-512:820707019D62102F07A3CC53F72FBBA06115130A3B1A6E0D34F0D50B6AF72B64CE56D997E532C1392F022952717396705E661A496D1B4711E9CEBE0BCF3CD55F
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>777177.09:56:05.0078002</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="OriginalDefaultBrowserDefaultSearch" serializeAs="String">.. <value>3</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">..

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\n3mmpimc.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):470
                                      Entropy (8bit):4.4748128372883285
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:64C71BBABBADA7B8824B3C637B404AE6
                                      SHA1:58908D0F0A3DCA96FFED1FF36DA5BDF761F56338
                                      SHA-256:58B78F4EF263136491DF59BCF5C510B03116BD7C18AE319C868367296C7041A7
                                      SHA-512:E8FDD3FF659BD7C1B581B6245DD059247BD382C0971411347BBBC8ADC75C1108671A3B019021D615739AD8AABEF92ACF342B72316647EA324EEF78F2B3161337
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="TriggerType" serializeAs="String">.. <value>afterinstall</value>.. </setting>.. </WebCompanion.UI.Properties.Settings>.. </userSettings>..</configuration>

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\naxubq7e.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2602
                                      Entropy (8bit):4.26113788723652
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:461406AF7789C8EFA1F1A306125F49A4
                                      SHA1:23C9FF5427043BC1C56803E84A5C4403840B8F30
                                      SHA-256:1B6A93DB0CF927FFF9E13F3461F2B5FD9EAEBF25B9722F16D02420022E5DB2D3
                                      SHA-512:C54A68EE9E8BD8DA7873F777BC80302031E13D131837D5D1D11FF73DCFB4EB0A19CAA848BE833BF084F7DA61FB9FD1CAA1A108F8A9349F24D3752696FA697109
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738880.15:48:45.4258025</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\nb3jm_tf.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2602
                                      Entropy (8bit):4.262646713554297
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:41275EFFBF8489EC201225E57895011A
                                      SHA1:45FC0B66FACAB364700D362DDB9CC911A1B5A344
                                      SHA-256:693CAC70969AD0ECE205C01BAD49F14D5DDC335D5EA79963DB784C3DC35C3459
                                      SHA-512:47004C3375D93F888F228FBFA02A1DC04234936FF856D83026539E31EAD9BA5198750540B1C64BD83F110D5ABD4E5524AB4D12807B5B79FFB9F8C862A56F6DDF
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738879.15:48:15.4338033</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\nbgen8te.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2196
                                      Entropy (8bit):4.235228623380456
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:A9EB5AD0DA6BE3AA87CC39CF012DC284
                                      SHA1:48389210E24F2B2279B9F963AE4140C70926AD60
                                      SHA-256:2CB9E12F6D7DF22F74F7E7AE99188DC59F4AB498EEA25DB7F62B447CC8AEEB49
                                      SHA-512:82B566FD8E1DFC27F1458F1DE72AFF085BCE2B7D7401985C9E629DAE5BED85E0D67B14879D1EFACA1FABE453D9A857B5D64B68F8E6A6CF04C0A5A5BC21BD5F50
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableChromeExtension" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="HostingOS" serializeAs="String">.. <value>Microsoft Wind

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\otfmh8mw.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.266440267700023
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:33250DC08C4F70416C85D9CA892BBF63
                                      SHA1:8463E4C7A099A5B4D498146B3F7B8DF5AD2BF980
                                      SHA-256:5A5E89AE28816D0DE18CF7BDA6CF4ECD546FFB0BF847A5BD1485492D8CD6BA66
                                      SHA-512:AA233815ED487A17D217E8C1C7C8C23D14A6A7F579BAF4C6B724D6298F0C6FD52EA3EDFC8F83E19D7B387247F05C2661473D04DBECED2A65CC746502BE39CD0B
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738903.16:06:45.3947973</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\p-xjapak.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):341
                                      Entropy (8bit):4.568219519473655
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:173C8E5D53012FCD93034042F8464A19
                                      SHA1:226FAFB255A07EE20E0522A8902638844AFB88F1
                                      SHA-256:5BA3803C178A75C84F9868BAE53EDB497F63869DE941DC21578546185C269D77
                                      SHA-512:D1CA7EFBB86066CC8E1D0DC91B122D3B7F98C56F49F449DA405D36304E73905986EB697604360EC4BF6B2FA6603AD3020624428D2A67DB050CD141E23780EEB5
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="TriggerType" serializeAs="String">.. <value>afterinstall</value>.. </setting>.. </WebCompanion.UI.Properties.Settings>.. </userSettings>..</configuration>

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\pipwobak.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2870
                                      Entropy (8bit):4.2672464742647565
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D7C610A73DF6385897A4B290C92F4495
                                      SHA1:02C9A055B05DAE1926F9D3918D72DF9E22740915
                                      SHA-256:F50A83DD9F78009DE0E61EB26215746DECF6B8D3F18E7FF2C713FA0BE0C2CB75
                                      SHA-512:3C609C59FFE949661E73F025C4CA997A8AA3A85863EB0F9622F4079B89FE31A2912ED0E1F493BEF8D101CDFBDA5387B4112ABA0FB738F1C25AB49A4F31563572
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739815.23:40:53.7698771</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\ps2fytrd.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2456
                                      Entropy (8bit):4.231802070275663
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:FAC73488139F51A03A00DB422C4B3904
                                      SHA1:6E739CA23C3FE1B1B6DDF1C16EC93AC42EBA800E
                                      SHA-256:E5C3A93F2A9A9E4FBEC3B1316BE019A4D4E9765ACDABB544A1BA6A0F4F739633
                                      SHA-512:F7541B6B9138832E12D43DBC90BFBBD006E090496687F4C8D69601F3FE5934B67AD6D29BF777B62021A2232830D2C1BEE590EA7F3885B307E3C6865D2A75418B
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>00:00:00</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableChromeExtension" serializeAs="String">.. <value>False</v

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\q_vpzque.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2471
                                      Entropy (8bit):4.272477298687131
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:4D7873F4349B0126BE25C60F48B8EDF0
                                      SHA1:88271EEBF371BEA235793E9630CE87130E6D16E1
                                      SHA-256:4371B055AC80EEFFDCEA1CEF16DC4C49C3E51C413DD5272175584A5AFE402679
                                      SHA-512:536E432D49CCB7A121001E321DDBC86854A878DA4D9CCE4E2B90AAD0C7C7247B62468AEFF54BBD7DE3017D9F2EB2D635DDC9CE48FA05B44B373FF2035D5EDB4D
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738855.14:58:16.1877989</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableChromeExtension" serializeAs="String">..

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\qf-jugfm.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):3164
                                      Entropy (8bit):4.273020601175497
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:F3CC766D48C500E44D87E5E801D489A0
                                      SHA1:0C97D94ECB4D675669ED13063E6B0E41CFBB6399
                                      SHA-256:3A5396559AFF853D99680FD91743505A1358E3C212BCA1144F51E0B756738AFE
                                      SHA-512:F7E5680031228D5C3FE22E0F557A973EF7AA7C66E460A53670D5683C9BCB41479837B7311BF0B4881F2AB52096CF643BA2CF096B97A5CA2C41274025F2DB20C7
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>778198.11:03:25.7528063</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="OriginalDefaultBrowserHomePage" serializeAs="String">.. <value>about:home</value>.. </setting>.. <setting name="OriginalDefaultBrowserDefaultSearch" serializeAs="String">.. <value>3</value>.. </setting>.. <setting name="ProductVersionType" seria

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\rcq8iixn.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):3015
                                      Entropy (8bit):4.268672655396525
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:9C60B1C4D24D9A5A216423F8E1F4ADD9
                                      SHA1:4A954631D9CB071700DA4BF92C066FD0F1016430
                                      SHA-256:5DEB2267E6844839D516EC59EA5679CB6CD3E8ACC5D9F819753249DB70CB8C78
                                      SHA-512:FADF1451140D12E84A2BD5C33C6D28B6EF5A2DEFA436C8FC482FB2554193F42516429286FB0390D10AE9A7E82B4F790FA9F61D548491F83337544ED6E52EF7FD
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>777081.10:55:49.4657981</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="OriginalDefaultBrowserDefaultSearch" serializeAs="String">.. <value>3</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">..

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\ucbzir1t.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.265436299951421
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:471CB907B9976228DCE8B0A9C05A2B3B
                                      SHA1:1809A805ED2EC23527E639D9F0B5435708E4BD1F
                                      SHA-256:6C326FAE804D965DC006C7B2B7B4AE387DC485D96BC5BB291126FF8DBABEB1FD
                                      SHA-512:AC52591DA99CFEFC6073AF1EF63E30D14EC9B67884010B637D8B1E0F27116FBBD3AB7365AD9EC404438550788499A9B2E9B4557FBB643A22024FCEBCFD3C39D5
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738908.16:08:45.2558062</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\urmh6jds.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.262795952831218
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:7AD3A981E9ED78FEB0110AF8E52D8A2C
                                      SHA1:1E6EF20379514765F4765384BC57E4D846699447
                                      SHA-256:2538C0F2CEA4D9546D5375415152CA3626EBEBD256F2DFB7929B29ED687B076E
                                      SHA-512:020DABD02B07B0CDD848FCB1360D20641D1EA4803994FEF51F854989D4748D7574F41FCBF154CDFB2DC26A61D416B43E2F59C605B28AE5D137FC5724FFF423F3
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738880.15:48:45.4258025</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\wrmusorz.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2471
                                      Entropy (8bit):4.274162768956811
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D97C40939457D39CBDA49279003A8AF8
                                      SHA1:0812CB30DA1A52E3927937788F0333743DDED09D
                                      SHA-256:36BA91AC28DFF98334CBDBEDA502F3473EFDB35F4F6116CCD8EE21A5BFDBE5B8
                                      SHA-512:BF1E8EE0CFB3AE5094B0A0B9A58EA19ECB62581D217D1C8CDDDBE8E4E4D93D8174BDB73C207ECE4D1B89C5B6F4E945869C3F77CB06106B7BBAB913BFDE361A7F
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>738849.14:56:16.3667958</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableChromeExtension" serializeAs="String">..

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\y7ukgdfa.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2870
                                      Entropy (8bit):4.26738248803673
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:5494D02F3AA36D516857F7F06BE64349
                                      SHA1:A2A30E7833EE84FF9A6FD9E696DA924FAD77952A
                                      SHA-256:C0DD4DDECF06C97349660AB8934E2FC176938F9E12F683F544DC9B94F3573748
                                      SHA-512:B36B921E7A63C3B6ED30789F4451214858861077772239B89D5EB15E09AEE21095CF0B0EAD086DAE7FB05FDECE36916F47CBA07B88C4369297567E845EE4D7C8
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739880.23:49:21.4537968</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\yfgeeawm.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2870
                                      Entropy (8bit):4.266124773585706
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:97BA57115C3CE05E9C7F46615372ACFE
                                      SHA1:FFD99835BE69AF57A3FDF05428C35302A0FC6709
                                      SHA-256:57951061B92478E838D7821F8F2BBDE0CBD61D00FA909907668DA9407DBB9C4B
                                      SHA-512:439E3772B1161D4A3FA9A01F4542EFD4F888AA15AC73FDD3FB19C0481F479F7BAC36FB3D90283755C2802E0653DBA4B3E5D3576BC0231AF239D242C996A7929A
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739769.23:34:03.3627941</value>.. </setting>.. <setting name="CountryISO" serializeAs="String">.. <value>DEFAULT</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Lavasoft\WebCompanion.exe_Url_kbdxbdyeiodfntntotimgep5mmfewgmy\10.1.2.519\ztxuvqqy.newcfg

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2744
                                      Entropy (8bit):4.266022903622863
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:6094CCDED549C7DAF7FE9A2989495463
                                      SHA1:22517F8441AFA57F73FB8E66DDBAA925C8F466D0
                                      SHA-256:BA93877B071A3730025798238C699D02F6E52AEFA6D34D3D3F2033E23F994FC2
                                      SHA-512:C2F8C4AC93A5B093B365594E75FED6008B9BD213F2169EDC3A27A7F29289A9F563E1FA743A0CC8B2790BCC9ACE017C0E34F9F21652D54037D26DF97FC72AF290
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="RunAtSystemStartup" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="AppHeartbeat" serializeAs="String">.. <value>739233.16:29:00.9558094</value>.. </setting>.. <setting name="ProductVersionType" serializeAs="String">.. <value>Free</value>.. </setting>.. <setting name="IsSearchProtectOn" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="EnableWebBar" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="IsMURLOptOut" serializeAs="String">.. <val

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ICSharpCode.SharpZipLib.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):212296
                                      Entropy (8bit):5.740854639698686
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:1E16BAD4F6A563C46161BB4FB0CFEC4F
                                      SHA1:E86EE8B835814FF6E6D6709A00694D0308CC83F3
                                      SHA-256:C7B5080EA8B2753751CB6252A3E9EDD2A292D8A141DE9E65CD3D0005EBE041E9
                                      SHA-512:A0A52C24BDE70DFD22D0C7B57A2AE53927A5EFD2A6DD18A325F7D03A6FD94EEB6C5885B63C7E135BAC786BC4BDE82640584E76AB04D9A9E6BF24923B9F05E7E3
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 4%
                                      • Antivirus: Virustotal, Detection: 1%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!......... ........... ........@.. .......................@......./....@.................................d...W.......................H-... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\Newtonsoft.Json.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):437064
                                      Entropy (8bit):6.091467140796373
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:6FE086F542AE0DDE2AB0162A87B63192
                                      SHA1:A940664CE30F1938FED543D23E3715732315AB2F
                                      SHA-256:484A60598618C20E518C0ACB0A2D5296FB64D15DEA2EDDA698A178CABA16CE27
                                      SHA-512:CA4C8682B169385A2B2795A3C128B985123D40670A55B8D5D5545E3377568BE396D370808D14D099C583991E3CA438E1D48963C4E1620131E1BA4691F8F40CA2
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 4%
                                      • Antivirus: Virustotal, Detection: 1%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.R...........!.....t............... ........... ...............................a....@.....................................K.......8............~..H-..........x................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...8............v..............@..@.reloc...............|..............@..B........................H.......h...................X...P ......................................yK.N...f....i5.#I..xV. ..%BR..^.....t0"..z.%./.G'.j....{...2...k)w...'>.c..P..X.......n...h....E...ex..X/H].R.e.{..;&.-.'....{....*"..}....*V.(x.....(......}....*2.{....oy...*2.{....oz...*B..(....&..(....*...0...........oo........YE....}...............}...n...............n.......I...I...I...I...3...I...X...8D....t......{.....or...o{....ow.....+U..o|.....{.....o....oo...o}.....o....o....t.....o....o..

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):472904
                                      Entropy (8bit):6.4713870203602575
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:4A5B051EDBC60C58D0FA08810AB2FA0A
                                      SHA1:0430C9096463C70CFABD1E831DF7121FC39BA811
                                      SHA-256:4F388B54E9BA62572013722783938E1603FE3E76B5B02031ED33DF09C1C73EAA
                                      SHA-512:9A9E0E5F85FF379D5927FE0525592B8378B40B6237E8F0B9C34FA667246140EBE26883575D3D8E0C437E3A2571CD0BC39337F3FAC88694537C4FEFE227AD63CF
                                      Malicious:true
                                      Yara Hits:
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe, Author: Joe Security
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 14%
                                      • Antivirus: Virustotal, Detection: 35%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b.....................t.......... ........@.. .......................`.......R....@.....................................K........q..............H-...@......X................................................ ............... ..H............text....... ...................... ..`.rsrc....q.......r..................@..@.reloc.......@......................@..B........................H........7..`z......I....p..X.............................................~....}.....(......s(...}......(....}....*br...p.{....(......(r...*.0..j..........{....rk..po)...,.(.....+.(......r}..p(......(......r...p.{....o....o.......(........s.........ob.....z*..........UU......6r...p..(r...*.r...p.....*..{....*"..}....*.r...p*.r-..p*.(h...o....*f.~....}.....(......(....*6rI..p..(r...*....0..c.......~......(....( ...,.r...p.+..(.......(7.....(...+.~......o".....+]..(#......(...+

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe.config

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2729
                                      Entropy (8bit):4.9952121975480415
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:EBACEC1E9929BD429C709A9FD0C210AC
                                      SHA1:A6A847FD94FA1D243108ECAC6EB75E14033A93C0
                                      SHA-256:AE0E80F5549F5AD5EF0996882A2E0F997FF3724E63A35C9BCA9001B10F58DEE6
                                      SHA-512:8A7F4DCCF0FD9888D19F01358C751A917D707C5B2CE01852224A4D3F70440D0E026DD824AC51F07942AD7722D07E949798CC044DCCD32559F35651F01EFCD196
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ProdSettings" type="System.Configuration.NameValueSectionHandler"/>.. <section name="StagingSettings" type="System.Configuration.NameValueSectionHandler"/>.. </configSections>.. <ProdSettings>.. <add key="Installer" value="https://wcdownloadercdn.lavasoft.com/10.1.2.519/WebCompanionInstaller-10.1.2.519-prod.exe"/>.. <add key="WebProtectionZip" value="https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip"/>.. <add key="InstallerZip" value="http://wcdownloadercdn.lavasoft.com/10.1.2.519/WebCompanion-10.1.2.519-prod.zip"/>.. </ProdSettings>.. <StagingSettings>.. <add key="Installer" value="https://wcdownloader-qa.lavasoft.com/10.1.2.519/WebCompanionInstaller-10.1.2.519-internal.exe"/>.. <add key="WebProtectionZip" value="https://staging-webcompanion.lavasoft.net/dci/4.0.0.14/Webprotection.zip"/>.. <add key="InstallerZip" value="https://wcdow

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\de-DE\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):10240
                                      Entropy (8bit):4.902356109130438
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:383BA01583DD7FEEE5B749AE4C0A058B
                                      SHA1:A9C70ECDC4F1B4C73FF0B1B12D8254EA951F9AF8
                                      SHA-256:ECBE3D8661D6495A47182DDB0C2099EDD1E1B3BE1F14449A10F3F47DDD62539D
                                      SHA-512:3CE5F2B4BE2EF51FD2F14B6723D0EF91C8C5AAE73A1AA7E6BA1780409129E179B9A96A9C9CF39D3E4EDDE6D0B3057B7AD03B2C90A2501E76375C2403FC3A06EA
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!..... ...........?... ...@....@.. ....................................@..................................?..W....@.......................`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................?......H....... <..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADPP)6..).......n.....V ..(`5.........].......}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...................v..-../.x.EZ....1.N...D|-..... ...?.!..v"..v"..v"..v"..."..&...'vAw(

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\en-US\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):9728
                                      Entropy (8bit):4.642876026072715
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D3105E9DB5AAC25193D6C6D2D99349F6
                                      SHA1:551362C83428F52837A97A9C988D993E4B9DC573
                                      SHA-256:86B3513221F9D1EDAC50AFB7A43CDEEE1599CDC69F37D6C52BE7F2A0BF014E66
                                      SHA-512:79A10CB9383F07CB17B16AF8CEA52B28A0E5C7D01AED21ED0CFF05AE669ABB4D9AD3585CD117407E272D98C52524F115A4B93BAC8FB42D6574533B243F5935CB
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................<... ...@....@.. ....................................@..................................;..O....@.......................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B.................<......H.......h8..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....E.......PADPADPP)6..).......n.....V ..(`5.........].......}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...............v..-../.x.EZ..N...D|-..... ...?.!..v"..v"..v"..v"..."..&...'vAw(...2c$Q:

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\es-ES\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):10240
                                      Entropy (8bit):4.786460153800688
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:09681EF51303E2E6CD5E6713FF294435
                                      SHA1:CB9E18AA9D899B8E75C9260066CB56DCAAE93154
                                      SHA-256:38EB66E04D8EEF91D6EBF0808D76E55DE1F347D4D464BBD5BF545E11900DE6C6
                                      SHA-512:0AE7388399F67B3D14E09E3F7BC47DD18DFF87CCAEE279F7CCEB614A053D3327062E898FFD2EDDFADE8B0D5B8CC074BEAF439ABB8E9964199817FC43CC7659AB
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!..... ...........>... ...@....@.. ....................................@.................................x>..S....@.......................`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................>......H........;..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADPP)6..).......n.....V ..(`5.........].......}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...................v..-../.x.EZ....1.N...D|-..... ...?.!..v"..v"..v"..v"..."..&...'vAw(

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\fr-CA\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):10240
                                      Entropy (8bit):4.89124387701002
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:F818537B70C4CB6ABC4949FA6A1AA4A8
                                      SHA1:C95F5AE34966BD90C3DF33D091382009B780952A
                                      SHA-256:8D14E0B8847D9C5D71EAB73115F0FBE89798B4B0E84FBC2AD81C411AC2F5AFEC
                                      SHA-512:207CEE391A9D03A0F306799176E04A400E7B8E1C0C9D5A819D03C24D17E02FAF5A2D409AEC37BD0C4A2FB899E5F520298B4829120F3A5585F0980FDC1F67BEF9
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!..... ...........?... ...@....@.. ....................................@.................................\?..O....@.......................`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................?......H........;..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADPP)6..).......n.....V ..(`5.........].......}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...................v..-../.x.EZ....1.N...D|-..... ...?.!..v"..v"..v"..v"..."..&...'vAw(

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\it-IT\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):7680
                                      Entropy (8bit):4.535285369986521
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:F2822BA70932056918186EE7AB5EE46A
                                      SHA1:662502FD83D31A61D94D61F7E2579CFF0689C5BA
                                      SHA-256:E7FF822CD0E0EE4E9BEFC016EA815AC5835F09C24502A18F6727E579BADCC7B4
                                      SHA-512:9B865226D8EEE11BF5124A4FF58C1D3D34E95269FECA647A7C7C802D3D5B88EC7F92CF6BB206B50959A99F611AF6CD2C031D687CCB98E599561B97408732AAB7
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................4... ...@....@.. ....................................@..................................4..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................4......H........1..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADPP)6..).........V ......].......}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."..&vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~t...............P...e...2.......................

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ja-JP\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):8192
                                      Entropy (8bit):4.98190279189714
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:C93DB8A30F016DDC963592B9EC8DB51A
                                      SHA1:EA76F117AFA75190908D9C606C5BA91E4AE0A4EB
                                      SHA-256:48C6F0C8E5323ACD383BFF4B9407854B1ABE3B7CD88F81E7B41139C88167D73D
                                      SHA-512:F7F45BF3B0E76D7B366D54A2DEA808BD09C52E14BBCE7E9B881E7F360744B3C8E0017873726C23E370E2B5A7EF5CC876953A5211E15676DB22F6820FA2079450
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................7... ...@....@.. ....................................@..................................6..W....@.......................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................7......H.......`3..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADPP)6..).........V ......].......}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."..&vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~t...............P...e...2.......................

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\pt-BR\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):8704
                                      Entropy (8bit):4.739417342380106
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:0ADD586EA8B12D274D453BEF1DC09A4B
                                      SHA1:558A1C60A2D0F60EF4C5EFC282403C2BCE382343
                                      SHA-256:59122B50D3C6CC5C9C3CB6548041F1A468717A44DF38EB8864D95F3B5837448B
                                      SHA-512:48BC837DC8316D56900E286BADA2ED4F65E17BFC2FDCB5741E87CDA3977A5045A75733A10DEA277F314482E9C49704F18D1CBFD38E676D69FBBD0AAA12EAAD2A
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!................n9... ...@....@.. ....................................@..................................9..O....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B................P9......H........5..d...........P ..e...........................................a..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....9.......PADPADPP)6..).......n.....V ..(`5.....].......}........E(/...-.C.... ...#..S.n....xv.|.-..X:..o.....V...h...................v..-../.x...1.D|-..... ...?.!..."..&...'vAw(...2c$Q:..C?.9.W*..Y`..[.F.^:1;j...pg.Jq..cv...w..~...~

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\ru-RU\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):10752
                                      Entropy (8bit):4.88647552888645
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:A8EB23DA5A7A026FC40FC80D45773930
                                      SHA1:2C41DEBA5F32B358B39FBF7B3042DA35F0F801FC
                                      SHA-256:4CF40997858BC1919BF704B322642A7024D71EB41CD9339D9C62F583CB7B3713
                                      SHA-512:5D2B029803CE3976716882837447B74DCFF3E888A317A09DADCFBE2432123CF6585951D2D382D48CFEA76C016803B781BD42EC41734B644AFCFC5FCF91C94CE0
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!....."..........^@... ...`....@.. ....................................@..................................@..O....`............................................................................... ............... ..H............text...d ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............(..............@..B................@@......H........<..d...........P ..U...........................................Q..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....9.......PADPADPP)6..).......n.....V ..(`5.....].......}........E(/...-.C.... ...#..S.n....xv.|.-..X:..o.....V...h...................v..-../.x...1.D|-..... ...?.!..."..&...'vAw(...2c$Q:..C?.9.W*..Y`..[.F.^:1;j...pg.Jq..cv...w..~...~

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\tr-TR\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):7680
                                      Entropy (8bit):4.826441231922471
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D0B891BDD8A9CB2ECEF467043456B896
                                      SHA1:D12373D9D8BCBB389A3300BF50D936E645912914
                                      SHA-256:B6876B549DB6AAACFA023DC9B26730DBA139B44203918CE98A633BF35E4BFA9F
                                      SHA-512:BEA9413652C54BB6420656779B5BBFB0372B2B38CB65CB72CD4B6975B9507EF4DA888FA4A389CEBFEF3F9C59C60FE2576EECEA6ECE99272B481E8B233486AB54
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................5... ...@....@.. ....................................@.................................|5..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................5......H........2..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADPP)6..).........V ......].......}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."..&vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~t...............P...e...2.......................

                                      C:\Users\user\AppData\Local\Temp\7zS855E9B1B\zh-CHS\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\setup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):7168
                                      Entropy (8bit):4.999122121646254
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:581CC2E4A7B67F04B3736AFE592C3BA5
                                      SHA1:9FC02611B6FB97710FA249AD0EFB18C57C7F56E3
                                      SHA-256:EB2384F4871B5DBA83FD3F5B076442B4AEAD1E57ED10E9095C1E13B45AC8BCC5
                                      SHA-512:E01F1A2C7474A4C2F860076D474702C6797DDFB6BD6D5EBD4EF7609AAE6EDB57B61ED7E1B9C0A6ACAF9589140A5DCE7F392FC55C797A6DEA8D6F5F9D4D664375
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................3... ...@....@.. ....................................@..................................2..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......X/..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADPP)6..).........V ......].......}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."..&vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~t...............P...e...2.......................

                                      C:\Users\user\AppData\Local\Temp\CSC9FF9.tmp

                                      Download File
                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                                      File Type:MSVC .res
                                      Category:dropped
                                      Size (bytes):676
                                      Entropy (8bit):3.267240884156178
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:B7F71FB48B26131D79C354113EC34CA8
                                      SHA1:8880FEB80597E7FDEA5AD5492469E63EDABC443B
                                      SHA-256:C3F5AF0F7E9EFC3CBB2A503087B4241082EA93E0AE7E24C951D7666F1EBB5F8A
                                      SHA-512:8E18D85357CF30174471128B949E8A92AD8537F534BA687C523E8152A5C868EF990F63F7F6C7E9A92FCA0FF89FC922E2DF6824795C7240C5DC60B9C526D96AC2
                                      Malicious:false
                                      Reputation:low
                                      Preview:.... ...........................d...<...............0...........d.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...8.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...2...5.1.9.....<.....I.n.t.e.r.n.a.l.N.a.m.e...b.w.n.e.s.k.v.k...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...b.w.n.e.s.k.v.k...d.l.l.....<.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...2...5.1.9.....@.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1.0...1...2...5.1.9.....

                                      C:\Users\user\AppData\Local\Temp\CSCA8F2.tmp

                                      Download File
                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                                      File Type:MSVC .res
                                      Category:dropped
                                      Size (bytes):676
                                      Entropy (8bit):3.246229296860507
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:0262B341907822CDE8CA4975707C72E9
                                      SHA1:F3E2799BA540340FCE9C3019A6849ECB81C4929B
                                      SHA-256:6938813FEEC301D4E52793CE15BDD4E1A781B181D6D3B81006C2A04C8CC47407
                                      SHA-512:DD104D9B0209F9A8DF9B2A3F918A2BFACB9946D7686407EDBFD4F0DC3514537E830B6EEB09B9CDCD4799111EFD6F1AEFD8F18F564A465EE299544C613DAFA102
                                      Malicious:false
                                      Reputation:low
                                      Preview:.... ...........................d...<...............0...........d.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...8.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...2...5.1.9.....<.....I.n.t.e.r.n.a.l.N.a.m.e...g.u.1.r.l.z.u.i...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...g.u.1.r.l.z.u.i...d.l.l.....<.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...2...5.1.9.....@.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1.0...1...2...5.1.9.....

                                      C:\Users\user\AppData\Local\Temp\CSCB3DF.tmp

                                      Download File
                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                                      File Type:MSVC .res
                                      Category:dropped
                                      Size (bytes):676
                                      Entropy (8bit):3.255933092955316
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:79006A244F1FA66DB0020BEE2FE629CD
                                      SHA1:A8316A5376130B286BB313F71A46BE82F2C21544
                                      SHA-256:41654685586A40B259F7AB0AF1B8431129E8796E3AFC2F38F9A84E9D082ADAC2
                                      SHA-512:ABEF377940F535CF1D4D0A5A86C7FD73CF694D302404B3B3386CE50C5A22CE921BD5462CB74B29F4EA977FFCBD7B50E9F9CC39F55E754CAE68206FD1C14AB6B7
                                      Malicious:false
                                      Reputation:low
                                      Preview:.... ...........................d...<...............0...........d.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...8.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...2...5.1.9.....<.....I.n.t.e.r.n.a.l.N.a.m.e...u.l.d._.v.m.t.s...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...u.l.d._.v.m.t.s...d.l.l.....<.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...2...5.1.9.....@.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1.0...1...2...5.1.9.....

                                      C:\Users\user\AppData\Local\Temp\RESA00A.tmp

                                      Download File
                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x41e, 9 symbols, created Thu Nov 16 13:22:52 2023, 1st section name ".debug$S"
                                      Category:dropped
                                      Size (bytes):1220
                                      Entropy (8bit):3.715109889635321
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:3F032A96900EDDDE3A649457B5077447
                                      SHA1:5566D56AFAAB5A97000A1DF8DC4C7ECF9722E4D0
                                      SHA-256:AE477E7DF1CAC04D0EF2D295128B6F9E4B95F0A39F2F064B97B66F3B77E63FE7
                                      SHA-512:923BFB630095AA1EE9F76A87B7CFF3F49076CDB4DCF3402CC8767781B8AD8D1508531E5AB10D3C9D6793599131BBF3DE0D38B01289366483B81D3672047BE7BC
                                      Malicious:false
                                      Reputation:low
                                      Preview:L.....Ve.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........h...................@..@.............c:\Users\user\AppData\Local\Temp\CSC9FF9.tmp......................&..y.T.>.L.......b...3.......C:\Users\user\AppData\Local\Temp\RESA00A.tmp.+...................'.Microsoft (R) CVTRES.................................................0.......................H.......d...........H.........d.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...8.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...2...5.1.9.....<.....I.n.t.e.r.n.a.l.N.a.m.e...b.w.n.e.s.k.v.k...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...b.w.n.e.s.k.v.k...d.l.l.....<.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...2...5.1.9.....@.....A.s.s.e.

                                      C:\Users\user\AppData\Local\Temp\RESA903.tmp

                                      Download File
                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x41e, 9 symbols, created Thu Nov 16 13:22:54 2023, 1st section name ".debug$S"
                                      Category:dropped
                                      Size (bytes):1220
                                      Entropy (8bit):3.692205675716161
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:26D6907077D4E5B6FF70B04C4F0B5ED1
                                      SHA1:0AE616126017828E785E1CB8C7855A90D07F3E03
                                      SHA-256:1782F6D76438998FB0D0150B3B3D7EA7DBAA129E1426F1755ED06AC6F0C03E4E
                                      SHA-512:9DFE9DA01EAFA07D4EA6AD9C959B401210AF5042411D380ACB3DE489B89CC3A7D6D938DD4B84D7FF63BF5148792A0E29C1BB8D0D81C2DF9326AA60C51E580820
                                      Malicious:false
                                      Reputation:low
                                      Preview:L.....Ve.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........h...................@..@.............c:\Users\user\AppData\Local\Temp\CSCA8F2.tmp..................b.A.x"...Iup|r.......b...3.......C:\Users\user\AppData\Local\Temp\RESA903.tmp.+...................'.Microsoft (R) CVTRES.................................................0.......................H.......d...........H.........d.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...8.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...2...5.1.9.....<.....I.n.t.e.r.n.a.l.N.a.m.e...g.u.1.r.l.z.u.i...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...g.u.1.r.l.z.u.i...d.l.l.....<.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...2...5.1.9.....@.....A.s.s.e.

                                      C:\Users\user\AppData\Local\Temp\RESB3F0.tmp

                                      Download File
                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
                                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x41e, 9 symbols, created Thu Nov 16 13:22:57 2023, 1st section name ".debug$S"
                                      Category:dropped
                                      Size (bytes):1220
                                      Entropy (8bit):3.6923277499276277
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D23761DFC374A3E4DA61307A0D78C4D4
                                      SHA1:6AC05A571B7BB99447084584F3AF1368CCA844DE
                                      SHA-256:0596C8EE78D797646463E4389E1714A63A15748C29B25D49D57063A400EDF9A6
                                      SHA-512:4ACF34131616B1AD6754C2A26C994BEA8F2C7FA38CF39ED200F8454771ADAB4C03AD7E3CDFC94FC0DBD0BE2A3B1F794DBADA51308DFB54CF61983457060BCC60
                                      Malicious:false
                                      Reputation:low
                                      Preview:L.....Ve.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........h...................@..@.............c:\Users\user\AppData\Local\Temp\CSCB3DF.tmp.................y.j$O..m..../.).......b...3.......C:\Users\user\AppData\Local\Temp\RESB3F0.tmp.+...................'.Microsoft (R) CVTRES.................................................0.......................H.......d...........H.........d.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...8.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...2...5.1.9.....<.....I.n.t.e.r.n.a.l.N.a.m.e...u.l.d._.v.m.t.s...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...u.l.d._.v.m.t.s...d.l.l.....<.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...2...5.1.9.....@.....A.s.s.e.

                                      C:\Users\user\AppData\Local\Temp\WcInstaller.log

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:modified
                                      Size (bytes):2340
                                      Entropy (8bit):5.0295423649262165
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:2A980C2532E9193BD7FDDA00B244E914
                                      SHA1:3E71E0590A1343B7357D479DA98BD834A71B7DFC
                                      SHA-256:7864FF601CB61654EAF0F9F4DFD7F9252A44C12AE3EB455E3A930089CD7B1CD2
                                      SHA-512:1692540686AAD2B1474AE6F98894EC1EB599803268BE42551286E02177A1A4567F7571C3A76E6BD9C57056028926D1FFDD2353B63E595FA6A2FBBF4B3E75CB76
                                      Malicious:false
                                      Reputation:low
                                      Preview:Detecting windows culture..16/11/2023 14:21:26 :-> Starting installer 10.901.2.519 with: .\WebCompanionInstaller.exe --savename=Setup.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18282981021 --version=10.901.2.519, Run as admin: True..Preparing for installing Web Companion..16/11/2023 14:21:29 :-> Generating Machine and Install Id .....16/11/2023 14:21:29 :-> Machine Id and Install Id has been generated..16/11/2023 14:21:30 :-> Checking prerequisites .....16/11/2023 14:21:30 :-> Antivirus not detected..16/11/2023 14:21:30 :-> vm_check False..16/11/2023 14:21:30 :-> reg_check :False..16/11/2023 14:21:31 :-> Installed .Net framework is V40..16/11/2023 14:21:31 :-> Prerequisites test has been successfully passed..16/11/2023 14:21:32 :-> Downloading the latest stable version 10.901.2.519.....16/11/2023 14:21:34 :-> The latest stable version of Web Companion has been downloaded: 10.901.2.519..16/11/2023 14:21:35 :-> Extracting C:\Users\user\AppData\Local\Temp\WebCompanion.zi

                                      C:\Users\user\AppData\Local\Temp\WebCompanion.zip

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                      Category:dropped
                                      Size (bytes):11204891
                                      Entropy (8bit):7.994614399632177
                                      Encrypted:true
                                      SSDEEP:
                                      MD5:35C46BD17F521B2538081BFBB7CD491C
                                      SHA1:118B7C0E3EF2989672C7E4E7467B0FB7B5C06A73
                                      SHA-256:B9646664245A3DDA1FE26EFA6D71B11883DF383F764ADED75976980BED4E18FD
                                      SHA-512:0567F7212455EACA7E7516F618BAC395A6CF0BAD9A232B008AF7B9115DB63C40A86707601D45173DD6528EB296A1AA6F2226CD5EC5515E2FFB280D88270D4972
                                      Malicious:false
                                      Reputation:low
                                      Preview:PK.........S.T.....B..H.......Application/7za.exe.yxTE.8|{I.YH'@CX.V[..%c@.4h_.MnCG@DQ..h......".o:.VGqF..q...s.e.Q....../.,..^..Y$$,..9.noI.>......y.w.:u..S.N.:Uq..A..#... ....C..?....-.....u:.....;o.u~..wU.v.u.m.....z...*.~....)..=p.....i0..vw...._....f..7.......[....s.:.......y-.b....3..t.u.K..x4E...}7E.....2.&Ah.._..w9-p..@...s.._.....F/?....J...t.N........0M....*...c..4R...w.(....y....>.fl..u..*..GU.q..6Ah{OG0...)9!P.1.'......R...)<..5]h.|....u.f.......T.AZ.8m...........?i...o...g..7H...%E_..Bi..d.... .f.].&I9.QZ.u.....(... ..1z..V_*...)...2..PN.[..1r..2...d....3L...p[!x.c......i..&.^mr.7.E.rS...sp.N.....v.....i.3!.!_.%.*."V......l!...9.`G.~I9..!..0HJ..?l.7..2"U.9...RY..=b..k.~y....0.l}..m)...h..9.........f....JMN..SU.....HH.$......Y...I)8..=s>.).PH!.L....e...J..`b.S...[.z.ne..2..{b.sbu...\n...y.....K..S..k..8-.&T...).=.b...A.kAz...n.r..W5*..[......7.(p.A.i.....Z.`......&.....H..a..|..[O.i....$^...Z....G...gC.@..Y._..yJ....$#zh.e....+.

                                      C:\Users\user\AppData\Local\Temp\bwneskvk.0.cs

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):45229
                                      Entropy (8bit):4.59176608054955
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:323E07CF1FC7CCE9F841B91EC7CD4D12
                                      SHA1:1B64741E884BB6E2791CAAC1EBE2F4A9C5495349
                                      SHA-256:F0D1F898B5B8E0E18E1F23FBC037216B76BB4E1DECA470674F9E8CC364654953
                                      SHA-512:06577BC45B292F6B8CE13E44DBCB9A8CEB8C5B6CA2E351F764CFCADCBA37307A64F3E1D7C2C65A7E17FA012A2CC56ACECAA2C6B6D47F71033C38AA3747A15604
                                      Malicious:false
                                      Reputation:low
                                      Preview:.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.2.519")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterGeoIPServiceSoap : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_GetCountryNameByISO2(object[] p) {.. WriteStartDocument();.. TopLevelElement();.. int pLength = p.Length;.. WriteStartElement(@"GetCountryNameByISO2", @"http://lavasoft.com/", null, false);.. if (pLength > 0) {.. WriteElementString(@"iso2Code", @"http://lavasoft.com/", ((global::System.String)p[0]));.. }.. WriteEndElement();.. }.... public void Write2_GetLocationResponse(object[] p) {.. WriteStartDocument();.. TopLevelElement();..

                                      C:\Users\user\AppData\Local\Temp\bwneskvk.cmdline

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (429), with no line terminators
                                      Category:dropped
                                      Size (bytes):432
                                      Entropy (8bit):5.455717875334198
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:55FC8539A8E86DDEEB2815DAB61FAF62
                                      SHA1:1C5B1C81DFB7AFC136991F44A2FFAECBA5C8ECEB
                                      SHA-256:982217218CB34439B8F6C577AA5DAC5733A9D75ED3EE51E8C2140345952DEED1
                                      SHA-512:595F627C409F3D3244120FFC9ABA1D8EA183DA0C75A8D931C5123C759C717758348F9EBEA03473406FD448DA2E73AF4F76F4E694F333C43C14E429C8ECF86937
                                      Malicious:true
                                      Reputation:low
                                      Preview:./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" /out:"C:\Users\user\AppData\Local\Temp\bwneskvk.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\bwneskvk.0.cs"

                                      C:\Users\user\AppData\Local\Temp\bwneskvk.dll

                                      Download File
                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):19968
                                      Entropy (8bit):4.676194462063427
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:8588CE63C078988856CCAAD496DEFA70
                                      SHA1:8301D427F1BCAAF03DBB0A3C944035EBCEE1D475
                                      SHA-256:7234CEE69BB196AEEC7870F1DF9C8264D4ABD3C2443243C91F06521FB5F795A1
                                      SHA-512:823313C3EBC21296BD0A7A7FEA64AED2C8E6F736A88B5655AF3C8F4C12E472F4C372ABAA4C422362A16E6EF711EB663BA05C74808F22548B08B4D42DFEEA804E
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ve...........!.....F..........Nd... ........@.. ....................................@..................................d..K.................................................................................... ............... ..H............text...TD... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B................0d......H........9...*...........................................................0..E........(.....(......i..r...pr+..p..(......1..rU..pr+..p...t....(.....(....*....0..E........(.....(......i..rg..pr+..p..(......1..r...pr+..p...t....(.....(....*....0..E........(.....(......i..r...pr+..p..(......1..r...pr+..p...t....(.....(....*....0..E........(.....(......i..r...pr+..p..(......1..rQ..pr+..p...t....(.....(....*....0..E........(.....(......i..r...pr+..p..(......1..r...pr+..p...t....(..

                                      C:\Users\user\AppData\Local\Temp\bwneskvk.out

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (531), with CRLF line terminators
                                      Category:modified
                                      Size (bytes):738
                                      Entropy (8bit):5.552853281220488
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:6C0A198DCF9014EC7129226AD677D337
                                      SHA1:BBD972276A3E752E9AF7E1DF55C72A7DB8CF47EB
                                      SHA-256:09F3FFD591A6013C3332FBF53C922EC02868ACE357393DD7580863F082231AFA
                                      SHA-512:2B6F0B294BEE5878DD8917501638735180C3BB321A675E2F4D37C05D30EA49A84B065E2B4389DB3FB4085FA33B28BB76BB17DADE2472233784FA1A2B5CDECA47
                                      Malicious:false
                                      Reputation:low
                                      Preview:.C:\Users\user\AppData\Local\Temp\7zS855E9B1B> "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" /out:"C:\Users\user\AppData\Local\Temp\bwneskvk.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\bwneskvk.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

                                      C:\Users\user\AppData\Local\Temp\gu1rlzui.0.cs

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):78295
                                      Entropy (8bit):4.537685315381468
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:6CBA423B75434FB4B4F347DBBBBAB0B8
                                      SHA1:70920E0F9293460CE62A5BCBE442FC1E715B331C
                                      SHA-256:EAED99E43AFFA722D7477C520D038E65C1E8D26F5A42101198CE9D644AFC46C1
                                      SHA-512:A864801006CC789A6F0D2C1478AA69D956CBBBA6F0DE2DA25CD4CAD90D5678F00C18EF866AD8B8C87522ACDE8472E7873790E9DBEEE4E03067C66108198D37C4
                                      Malicious:false
                                      Reputation:low
                                      Preview:.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.2.519")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterGeoIPServiceSoap : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_GetLocationInfoResponse(object[] p) {.. WriteStartDocument();.. TopLevelElement();.. int pLength = p.Length;.. WriteStartElement(@"GetLocationInfoResponse", @"http://upclick.com/", null, false);.. if (pLength > 0) {.. WriteElementString(@"GetLocationInfoResult", @"http://upclick.com/", ((global::System.String)p[0]));.. }.. WriteEndElement();.. }.... public void Write2_GetIpLocationResponse(object[] p) {.. WriteStartDocument();.. TopLevelEle

                                      C:\Users\user\AppData\Local\Temp\gu1rlzui.cmdline

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (429), with no line terminators
                                      Category:dropped
                                      Size (bytes):432
                                      Entropy (8bit):5.458259674952488
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:E599E781A869256AB35071967C8E3A99
                                      SHA1:98330C90517D065191BE8A3F2A700A82CD6ED988
                                      SHA-256:1402BF704BEC1C0778F63318EDCBC3270B69FBA59F327854138B7A3AF7ED390B
                                      SHA-512:51DD09BAE30AD2E572B21DF9F1D47143C48734EBA15E411CC582F75B8AE26A25B34526D8CB7ECE0B75F2873D392866DB076B56F1B4531A607FF18C9387326552
                                      Malicious:false
                                      Reputation:low
                                      Preview:./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" /out:"C:\Users\user\AppData\Local\Temp\gu1rlzui.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\gu1rlzui.0.cs"

                                      C:\Users\user\AppData\Local\Temp\gu1rlzui.dll

                                      Download File
                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):40960
                                      Entropy (8bit):3.8344983062888405
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:4F47EAF3AEB410E6B6CDF0CDC691F517
                                      SHA1:AAC8B8E16BB89C4BA3E0FC2FD0EBAA794E79CC86
                                      SHA-256:4FA01DA6B404963613928CFE238E866B9E4CBBE4BCA18F7D0FF19D9C3A0D4717
                                      SHA-512:D6C839F599D38B7A86155B54FF46C37AC79D4A74120E4A768433115D4CBA6FF3FFD18C13B27BBC7A1B2CA44091439AFD6363D19EF41C879774A0AE15CEC7AE85
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ve...........!.....p... ......n.... ........@.. ....................................@.....................................W.................................................................................... ............... ..H............text...tm... ...p.................. ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Temp\gu1rlzui.out

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (531), with CRLF line terminators
                                      Category:modified
                                      Size (bytes):738
                                      Entropy (8bit):5.554711308488898
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:8B0C11039608B122580A4F8ED25D3DF3
                                      SHA1:5B681600504131D06498CD7203EDF6639B61B2DC
                                      SHA-256:46764CD9B6CD010390F8D72757AF5683EAA8101719B1D0CC9DBFAD429E10446E
                                      SHA-512:5A7607A897C51EE2D79B2C125DB7E8500348DE0C9B8F21F1B1902622B23DCCF021819D4F023DFBB5F34FD80E236BD8A904FC07F7208AD97F90C77B6266507D44
                                      Malicious:false
                                      Reputation:low
                                      Preview:.C:\Users\user\AppData\Local\Temp\7zS855E9B1B> "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" /out:"C:\Users\user\AppData\Local\Temp\gu1rlzui.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\gu1rlzui.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

                                      C:\Users\user\AppData\Local\Temp\uld_vmts.0.cs

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):11732
                                      Entropy (8bit):4.569575040647999
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:F8D4A1D5BA9DC547A37251D7C58A594C
                                      SHA1:4C8B23045185EAE898F6DD41A81FC617DC23E146
                                      SHA-256:3C1DDBCCFF45CA6DC2615D03DBE1F892779FD4CC50B0464D941B4F8A394C50E5
                                      SHA-512:53A95047B4AD43667D163C40A50ECCE6C37087E317CA9DFC1DCBE982A1649E9F74AF0A426323567906FD076A71F24D334721AA30360A3E57E5494C9023DF407C
                                      Malicious:false
                                      Reputation:low
                                      Preview:.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.2.519")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterGeoIPServiceSoap : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_GetIpLocation(object[] p) {.. WriteStartDocument();.. TopLevelElement();.. int pLength = p.Length;.. WriteStartElement(@"GetIpLocation", @"http://upclick.com/", null, false);.. if (pLength > 0) {.. WriteElementString(@"sIp", @"http://upclick.com/", ((global::System.String)p[0]));.. }.. WriteEndElement();.. }.... public void Write2_GetIpLocationResponse(object[] p) {.. WriteStartDocument();.. TopLevelElement();.. int pLength = p.L

                                      C:\Users\user\AppData\Local\Temp\uld_vmts.cmdline

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (429), with no line terminators
                                      Category:dropped
                                      Size (bytes):432
                                      Entropy (8bit):5.4327914258947345
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:7C4F5BF47CA3957F52F5FA56183AD74A
                                      SHA1:4099F23336D7BC64DE4A2DB3CAFD7D6CE4A90371
                                      SHA-256:C72D4E63005E824534A583780D36BD977B78AA5858F779159F1FA2E71C294580
                                      SHA-512:141CD1ACB19B1278AF635958D349F1ED4603F76474F7AB437C909D20C546A3298699B7B813117790D6B19F3EC408EFF5F40EF0079C5844649545B79ADB9C1AE2
                                      Malicious:false
                                      Reputation:low
                                      Preview:./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" /out:"C:\Users\user\AppData\Local\Temp\uld_vmts.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\uld_vmts.0.cs"

                                      C:\Users\user\AppData\Local\Temp\uld_vmts.dll

                                      Download File
                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):8192
                                      Entropy (8bit):4.485518920716211
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D1E2C1A55ECF7E4C858D6D94CC80AC2D
                                      SHA1:145D7132BF63D1E1CC94CD55C82BF20AFAB76E4B
                                      SHA-256:A3115CCE30A00286B77D85075C8604F3852EFD8265770C3332C7F06581F60603
                                      SHA-512:67D50E2ABE951CEA77CF4899CF77F530CFBEC7E6F2903BA868FB484F990A68AC476CA4252EEFB102FC036C1D4E46FCC085388F88AADDBC00505DB84F20EC24B2
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ve...........!................n7... ...@....@.. ....................................@..................................7..W....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P7......H.......h&...............................................................0..E........(.....(......i..r...pr...p..(......1..rE..pr...p...t....(.....(....*....0..E........(.....(......i..rM..pr...p..(......1..ry..pr...p...t....(.....(....*.*..(....*..0...........(....o....&........(....o....&...(.....86....(.....{.....{....o....9............(....o....,..(....o.....(....o....&8.....(....o.....(....o....&....(......+}.(....o.....3M...-:.(....o.....{....3'.(....o.....{....3....(..

                                      C:\Users\user\AppData\Local\Temp\uld_vmts.out

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (531), with CRLF line terminators
                                      Category:modified
                                      Size (bytes):738
                                      Entropy (8bit):5.544804830931614
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:A755E122B1DEC18570D71DF653939A16
                                      SHA1:74A2EEB883F174A2AA8010194B0EC73A5D22CE5D
                                      SHA-256:66EA4CA2605F9CB545D8C58BF551610425209D6CE1DD820965BD083A6EB7CFDA
                                      SHA-512:EE82882A8BF64E3DFF63A4965E1AE426D05A714A8F7DB69BA247B0303BA09FC1082F1ECD44C0ECEBCD276DEEC57B70614A1A6CDD23BFEB6463ABF429E5E33C27
                                      Malicious:false
                                      Reputation:low
                                      Preview:.C:\Users\user\AppData\Local\Temp\7zS855E9B1B> "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" /out:"C:\Users\user\AppData\Local\Temp\uld_vmts.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\uld_vmts.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\7za.exe

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):466760
                                      Entropy (8bit):6.222857061940494
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:7B7886B90339FE4940E7052618F347F6
                                      SHA1:A2169409D6A262847097EB49B5F27DC7D6E087D5
                                      SHA-256:52AF7460762A7E3F84CCF87628D0866B77318EFCB4BCC86430196BFB842D51B4
                                      SHA-512:1ADF8553D2D220B4A645EBD49F2FE797E68A591B3A30267FC13BCA01E96C06CB9FD8079BCCC9041C9E06BA632D5983DEA037B7AE611F206F8A102998E528F7AA
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 4%
                                      • Antivirus: Virustotal, Detection: 1%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........j.[...[...[...-.y.Z...-...P...[.......-.j.....-.i.T...@.Z...-.x.Z...-.|.Z...Rich[...................PE..d...p.mZ..........#..........N................@..............................@..............................................................D...x....0..........X_......H-...........................................................................................text............................... ..`.rdata..............................@..@.data....,..........................@....pdata..X_.......`..................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUEngineS.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):3326352
                                      Entropy (8bit):6.603219835856378
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:3DAE06217531B92FD7D2509059320E05
                                      SHA1:238205DF5704D02F16C1D587AB836CCCB2E2F0AE
                                      SHA-256:7EEA058588F69F90C57D890278506FD9B61966C496C417E27A52F0463EC8D856
                                      SHA-512:C4D6CE98D79FEEAE117ED1218496B32824CE4EB82EA45B327CAA7E5A83D9744D4C9856D799115F4947051A8DE753ABBF1AAFF22A270A18E7DD3C4B7060F112B9
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 4%
                                      • Antivirus: Virustotal, Detection: 1%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........M..#...#...#.......#..l..#.."..#.kD..#.kD...#.kD..#.......#..l..#...#...#.......#..."...#..l..b.#..l..#..l..#.......#..l..#.Rich..#.................PE..L....r.U...........!......&.........y.........&.............................. 3.......2...@.........................../.f.......T.... 0.............H.2.H-...00.......&.8....................8,.....H8,.@.............&.`............................text...7.&.......&................. ..`.rdata..6=....&..>....&.............@..@.data...d.... /......./.............@....tls..........0......./.............@....rsrc........ 0......./.............@..@.reloc..,....00......./.............@..B........................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\BCUSDK.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):726344
                                      Entropy (8bit):6.42594965793544
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:F61BE870685697DE27A3CDD85C078CDE
                                      SHA1:E71AFBC653779AEA1A2D78521AADEE61E58F5627
                                      SHA-256:47E15BCC568BC4C9AA9DCE06423BDD93BE4FEC9E09DA7A6B98556CE2BFB3EBA4
                                      SHA-512:9A1FB012CA53E276117BB0285F6D85DF1BDE2F40D803608A45D389E23548FDA97FBDFEA6F5099450E788630EF6013A649407829C51140DCCABD2C7066818FCDE
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 4%
                                      • Antivirus: Virustotal, Detection: 1%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........P...>...>...>.mG....>..!....>..!..t.>..!....>.......>...>...>.......>...?.*.>.1.....>.1.....>.1.....>......>.1.....>.Rich..>.........................PE..L.....U...........!.....J..........`........`...............................`......l.....@..........................:.......-..x....0..................H-...@...f...b..8........................... z..@............`..,............................text...LI.......J.................. ..`.rdata.......`.......N..............@..@.data........@.......,..............@....rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\DotNetZip.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):469320
                                      Entropy (8bit):6.84391554255823
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:25550D95819CB37304A0F87FF5F06071
                                      SHA1:542553A7ACD0FD32B0D5693FB78F3CCDF38D98EB
                                      SHA-256:BB525F29A3EE52764CC1B5632139035633C57F0718B663BC310D7E5F8781E2DD
                                      SHA-512:47E5E771333FB1C40B1C340EDEA36EF459B65C60CEC3F6ADF275B1BBC7103F4366B1740D2CE09B24B2A5DDEFA295B79E9469741E1121A68900B426B4EF66663B
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 4%
                                      • Antivirus: Virustotal, Detection: 1%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q..Z.........." ..0.................. ... ....... .......................`............@.....................................O.... ..................H-...@......d................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......@.................../............................................{....*"..}....*.*..(....*..0..F.......s....%r...po.....{.........(<...o....r...po.....|....( ...o....&o!...*...0...........s"......o#...(....*.0.............{......E............,.......8...D...+Q..{..........+M..{.......+A..{..........+2..{.......+&..{.......+...{..........+.r...ps$...z.*6..oh...(....*..(....*....0..a.......s....%.|..........o!...o....r...po.....{.........(<...o....r...po.....|....r#..p

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Esent.Interop.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):406344
                                      Entropy (8bit):5.960738033402493
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:4CFAB20713C1FAE4FF5D36434518AB23
                                      SHA1:7E3661887A84811C12AC2A7E2ABF1F62995BB450
                                      SHA-256:503B53690E7A86FF783C2CDA34C29FAFEF01499C535F1E8FCD8A9F98CDD5F8B7
                                      SHA-512:02EF87A180841A45DDC4DA929D878280CD0B2D95F9771698830D06EAA50BCF5FC84D0B65F1DD52A4FE8EE0B936B32073C956B97D5434462038FB2C868BB92927
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 1%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....RhW.........." ..0.................. ... ....... .......................`.......D....@.................................\...O.... ..................H-...@......$................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........<6..........................................................&.(......**..( .....*....(!.....*f..s".........sH...(.....*..0..'.......~.........(#...t............(...+...3.*..0..'.......~.........(%...t............(...+...3.*.~....*.......*R.(......o....(....&*Z.(........o....(....&*N.(.....o....(....&*...0...........(......o....(.....+..*R.(......o....(....&*N.(.....o....(....&*N.(.....o....(....&*N.(.....o....(....&*R.(......o....(....&*....0.. ........(........s&

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Extension\@wcextensionff.xpi

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                      Category:dropped
                                      Size (bytes):59316
                                      Entropy (8bit):7.880293608811765
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:8DA01C7329C1AF3202D93C8631E0DF35
                                      SHA1:38F1E5DD6CBB577249C676127BC9565B70F78760
                                      SHA-256:A30D0AA074214F7C6D8E82FE36E6EA4FC17C95F6C772C11D03667911C0475A03
                                      SHA-512:2103ECB37B02C74D51C6C85CBE05A073FFD5860F8644AD54ADB212C690EDF8FE732EA784BA7CECB93DA2022A93B135DDC9E2BBC8DF26AE798CB6F28E2AAE4F7C
                                      Malicious:false
                                      Reputation:low
                                      Preview:PK........hq'H.|b.....K.......META-INF/mozilla.rsa.WgT.k.&..B3H/.Ho_.Mz..........A..A...H...R.H.D@P..).T...^.]..w..={....o..w...<s. .i.(..:.]j..8.@'...$. ........@...$..o.(.........$#.....0..'bc......:r.....b..!...hv...P"..x.g....:....n......c+.......!.;...sL@.;;.q.Hc{wog.=....;@.....D<~.D06.6vvx..(.W4Q..#Z...3E..#..P."xW.._._.*.xa.X....-....q......#(s.....74....;..|.....1 CP..p.6.8.........~..L....x.#..h&...+2..`.}=............."%....$G.)..0.d.=.O?....%.....1@m.7.5...a..KX.z..s.}..g.......4.K..N.*....*..%t.....'..-...._$....W.1X'.X.........OF.`]P.'._...S.t}G....kv.o...kEj.^.)gf.p*.Dn9u ....M.>...x..u...`.*P$xb}~)....k6..o:......j..k....Si.!.D.\.SF....<.d.'..,..Vf...<@M...M<.FEv...l......$U&|YwF.'s1..\W..Il5+./.#.......Bk..&||v~../.Jd..W1.j:c.:..s....-..V.*...?.?.q+.2...N......el.J.5.......='..C.@...W..>gX...k....6.w.4{.2<..W%.Zq-..f.?+d...3.}..#%L.{.P.|.qXk..d.*...hf..Z.{.y=w..l..-.f..M...G.5..N.=m..Mb.....?..1......H@..G.qa(.........g..0.

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):212296
                                      Entropy (8bit):5.740409693122716
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:22DB60594F6616AD45B65F0597AD2CF8
                                      SHA1:DDE71DA23461BF73B75C30427BD19050BA013D43
                                      SHA-256:2BD8CEF6C24F303A4D43E8AF6C157D13C5E68AE12499231ABDB96500E2A119CC
                                      SHA-512:294E6C2325DEE79A3AD629B138C6F0AC5E307F001A288DD1078A75A5E0F275AA1A6A48FBD1C0C60EB7B8E60AFF33E035D5CC46F85AA9A97B2E809A10947DF9C9
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!......... ........... ........@.. .......................@.......c....@.................................d...W.......................H-... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):60744
                                      Entropy (8bit):5.385726998371103
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:F46354531CEE7499BD0197E4FF9C73B6
                                      SHA1:30037054EE439799CDE078A5B58517C4DB65DFA1
                                      SHA-256:C2B4C2ED6220DB225B56306152ABCA1165EBCA3FF4F888E8457B0EBF6F1DC377
                                      SHA-512:099410B9F08A25651BD8F7FA639B34FCB54BFF73055FC7F27CD185EC5F2283459D9FAF4E6377663A284F6878A7FD99DD3A47527892968DE7D9C72E379BCAE45C
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3%DY...........!......... ......>.... ........@.. ..............................v=....@....................................O.......................H-........................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):56648
                                      Entropy (8bit):5.445874804155275
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D050DF18BD18BF81ABC997FF64E04FA0
                                      SHA1:90C106A3E2A58C2E6E4AB3E0B14E32520A0E34D8
                                      SHA-256:7B5F7BBF5C1585F596B2A9BB5B67E70696A66F07AC645ACBD9B9451F33C4BEDA
                                      SHA-512:E79A7DBB4474768741DABB5C41885D2F684E6C9C3244657F017C534754ECAC9A5001E251282D087D503CB598AEA836330E8B12612CD6317F8C20DC9318E70A5F
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....FpU...........!......... ........... ........@.. ....................................@.................................H...S.......................H-........................................................... ............... ..H............text....|... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.SHDocVw.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):167240
                                      Entropy (8bit):5.515526918169887
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:AD83738A0BB2DB33D89E3225C3D03C7E
                                      SHA1:DA645B25452BE09CC7C6E8473197FA9D755BD3B6
                                      SHA-256:C92C62AFA02C47CBC692EA31367FF8B509A529D1BEB324EF01AD5037DB8BB019
                                      SHA-512:AAEDF01125F98CAA4EE731C7FBF0B2113FB701833ABDCF2D5D38F4C948A1954A2ED8F342852B813B913F564C6B1434C6BCDA9AFD6D783BF10DB73F2DBA3C9056
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....`S...........!.....0... .......C... ...`....@.. ..............................Hx....@.................................dC..W....`..h............`..H-........................................................... ............... ..H............text....#... ...0.................. ..`.rsrc...h....`.......@..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.Shell32.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):60744
                                      Entropy (8bit):5.306835481279488
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:B065613020E07DD31D0DE4971CDC88D2
                                      SHA1:B715CC99A5F35F715A52DB3DAC08A306BAD0230B
                                      SHA-256:C995AC9851A7EE0D286D9E5522FD7EBF7BD67DB78AAB33A39CCC786F8358E209
                                      SHA-512:ED6FA8747AEA530CB15951F7AE5F93828B1D718CA94BC110446912B99D4C36F03AD09DEC51EBF1D0C2EC70C0D194895EC584BB15B0C918F7B8599FBA7C71B811
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A.ST...........!......... ........... ........@.. ..............................w1....@....................................O.......h...............H-........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Interop.WUApiLib.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):97608
                                      Entropy (8bit):5.665296916821256
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:2F31860BAB49E9473E2D1D9667A6DF50
                                      SHA1:A640E45F6AD3BDE26A957BE61FE63C1809851665
                                      SHA-256:3645C26C83620A0159CD4E5F9BFE31FF3945593A184778D4C842DEAB6C2D0436
                                      SHA-512:11B146AFCBF5924459C1BAB2DABE434A650D1D67E33BEF6D02D264D5148AD3364F1C2AF1B2AE964BA90C1E101B5A92B01D52B903D78207A98C78A6279DB15E87
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r..O...........!..... ... ......^7... ...@....@.. ..............................2.....@..................................7..K....@..p............P..H-...`....................................................... ............... ..H............text...d.... ... .................. ..`.rsrc...p....@.......0..............@..@.reloc.......`.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Ionic.Zip.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):473928
                                      Entropy (8bit):6.83550877269996
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:3D8BF84F10EF47EE50C437C255BC3958
                                      SHA1:5AA8F0319DCC0D1CE6FB4577FEDCA2D8A66610F2
                                      SHA-256:8006BFCE39927B96A0642D51BBA0CF7A449BB2B09C62F5F5CB1618E748468356
                                      SHA-512:DB73C6FE81C57B71C2587BAAAED00A092F4476F2EE8268A83DA95F4E3AC5755E801D18B137EBADF118E1B6B89B660DADCBD793647C24E432C0C9A1DF40FBD677
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....=N...........!................N#... ...@....@.. ...............................*....@.................................."..O....@..P...............H-...`......."............................................... ............... ..H............text...T.... ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B................0#......H.......0U..l...........P%.../..P ......................................6..`N.?O...%.C.k_..d...I......5a.......9x......R...gg8...JM...`.[. .o..eE1$_.M.h.q.oz..1..........@....s.c/J..wk.D.....t..&...(....*...0..2........r...p(....}.......}"....(........(.........(....*..r...p(....}.......}"....(........(....*..0..j.........o....-..s#...+..}......(......(......}.....(....s....}......}......}......(......%-.&r...p}......j(#...*rr!..p.{.....{.....B...(....*..0..A........{..

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\LZ4.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):51016
                                      Entropy (8bit):6.259047963137485
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:CDCB70BEAAEDD97B9A3AF7D1418F75D1
                                      SHA1:C7B908783C687584600B031ED5193F52531A4FA9
                                      SHA-256:9BC5A084C5186F7BCFD5926A020DB3B028755F22B54456C46067C8BFC1619618
                                      SHA-512:D1FF337DA8B4BF79096D7BCFE0D7537A82A41998234FC0D1201EAFC7BBA6A009A4CA1CF7846E8CB6A1B7616BEC4956D56D4916EBE7463F1BFE5D9B02E4370157
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......V...........!..................... ........... ....................................@....................................S.......................H-........................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........f...H..........................................................6.. ....[X..X*...0..t........J./....i.YT.J-....T*.-.r...ps....z..2...JX..i1.r...ps....z..J./.....i..YT.-.r}..ps....z...2.....JX..i1.r...ps....z*..-..s....z*>.......X..c.*6......X..b`.*z......X..b`...X...b`...X...b`*....0..@.............X..b`...X...b`...X...b`.......X..b`...X...b`...X...b`...a*.0.............n...X.n.b`...X.n..b`...X.n..b`...X.n. b`...X.n.(b`...X.n.0b`...X.n.8b`....n...X.n.b`...X.n..b`...

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):204104
                                      Entropy (8bit):5.75643904377331
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:719ABFCDFE4A420ED8DB4B1F407B27C0
                                      SHA1:D8B5B8B670E10A00C3B2B21D147568B6C4A68EDD
                                      SHA-256:4FD95A547D9604810E3EC80D63A564492A1A2D050F985BC228A191E3FDF5631C
                                      SHA-512:B970BE97E23A5F97D70D9AE87512A596E0BEC22EC6E76E8198318EC0C8A2B36CFA9064ED6E7BF514AB44D6DFDE07A0C37C67167C54BFEBDED1ECB3B94D9CE7E6
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q..b...........!................n.... ... ....... .......................`............@.....................................S.... ..H...............H-...@....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...H.... ......................@..@.reloc.......@......................@..B................P.......H.......(................................................................0..........r...p.....r+..p.....r[..p.....r...p.....r...p.....r...p.....r...p.....r...p.....r3..p.....r_..p.....r...p.....r...p.....r...p.....r...p.....*....0..M.......r...p.....r7..p.....rS..p.....rs..p.....r...p.....r...p.....r...p.....r...p.....rA..p.....ra..p.....r...p.....r...p.....r...p.....r...p.....r...p.....r7..p.....rO..p.....rm..p. ...r...p.!...r...p."...r...p.#...r...p.$...r...p.%...r9..p.&...

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):57672
                                      Entropy (8bit):6.227138515684226
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:AE878DCDEBEDCF03B5E4A62971D918CA
                                      SHA1:D2D9B353D4BF046CAB18CAB81999997BA8964341
                                      SHA-256:53915E7582423574C16FE2C25C541E5C0190285D4AAF9723124F5D43AFD506E3
                                      SHA-512:768A97809F490A741A18758D393C410141A9F41F78F1861DA47208C92A38018FBDC14AF0FB3B4D60B991797D0D80E4E5C2A385C6A08B961650790B9FEA2DEECD
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....r^...........!..................... ........... ....................... ......>.....@.................................D...W.......................H-........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......hc...e...........................................................0..2.........{....%.(........}.....{......o.........(.......*...........(.......0..*.........{....%.(.......{.....o........(........*...................0............{....%.(.......{....o....(...+....(........*...........#.......0..=.........{....%.(.......{.....o...........-....}..........(........*...........#2.......0..+.........{....%.(.......{......o .......(........*.......... .......0............{.

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Compression.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):20808
                                      Entropy (8bit):6.678162669482172
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:9B95FE016A253C80687F9609DB21FDCC
                                      SHA1:8BFA6BC0C88C5634E7D91DDCA142CAB818ED30B7
                                      SHA-256:278B3FDFFE1AF6176A883637137D02D60A45362293956A87710E867EA2130D10
                                      SHA-512:19BA051BC7EEE33C69EB0684C3C06F5B22A9C34A3AFFF4EA356AE68E5F448BA09BD6FA1C6253BB21CFB1AEA4634874E5B8F2054A457DD1C19A2B256ED0A83022
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....r^...........!.................:... ...@....... ..............................{=....@..................................9..K....@..h............$..H-...`.......8............................................... ............... ..H............text...$.... ...................... ..`.rsrc...h....@......................@..@.reloc.......`......."..............@..B.................:......H........%...............................................................0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0............(........+..*j.(........(.......(......*j.(........(.......(......*~.(.............(.......(......*.s..........~.....s....o.....~.....s....o......*....0...........~.....o.....+..*..(....*....0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0............(........+..*j.(........(.......(......*j.(........(.......(..

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):134984
                                      Entropy (8bit):6.020169723226478
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:C86DFE367017DEBA7A77A6724D0CF387
                                      SHA1:C97B810C9755275E45128299A422040544F73422
                                      SHA-256:BC57B7ACAED475FA37A63D0D9167DDF55331A228905E18027C0CBEE30EAE4417
                                      SHA-512:438FE3CD085B0B05E809B85A43E0A721A9BA7790D7FC464B9AA0184D19EB1224277F3DFB95F1AAF104D28E79D07FAF12155D4FB80C02476C0CDCFE9015DCB205
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e9Mb...........!..0.............r.... ........... .......................@......j.....@................................. ...O.......................H-... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................T.......H...........k...........................................................0..=........(....-..#(....r...p(....+...(....r...p(......rA..p(.....+..*....0...........(....rg..p(.....+..*....0..'.........(.......rq..p.(....(.......(.....+..*..0.............(.......(......(...........(...........+..*...................0..5.........(....(......,.(....(....(...........o....(........*..........."#.......0..<.........(....(....-.(....(....+....,.(....(..........ru..p.s....z*........,-..

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Extension.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):116040
                                      Entropy (8bit):5.81826097092354
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:5AAF55FACAB711B8DE0757A9A556AAB8
                                      SHA1:1A91463139E4F0277EBD2D41B90B9F7DDD6E2B71
                                      SHA-256:C36C55748844C2B40BEAA2CF9DBACCD2A29A5EABA60101383592779E1DB23D72
                                      SHA-512:560B0341D3340782E96B773213E4DE74F1851319747E184F7650D79F68984D2CBDAF2485B0924BEFE3AEB9784012DD23751E778EEF8736154A628BC6BE650442
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....r^...........!.................... ........... ....................................@.................................x...S.......X...............H-..........@................................................ ............... ..H............text....... ...................... ..`.rsrc...X...........................@..@.reloc..............................@..B........................H....... ... ...........................................................&..(.....*...0..Z.........(....o.....+-.o.......,..o....+.....-..+..o.........-..+...o......-.........-..o.......*..........;H........(....*..(C...oI...&.(......(......(......(.....*...0...........(C...o)...(...........-...*.0..,........(C...o)...(.........-..+.(.....sU...(V....*N.(C...oH...&(.....*.0..Z.........(....o.....+-.o.......,..o....+.....-..+..o.........-..+...o......-.........-..o.......*......

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):205640
                                      Entropy (8bit):6.199698111890143
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:CAF44EA17BB2C6A033F3E60F85306FCA
                                      SHA1:4E53C3F586A25F3DF3AE7D2A6E938CA1A1C795E7
                                      SHA-256:2C24BB51EC26331A4BCEC0607A929C0CC88AA70DE7CCF894281D7D7DBAE0DBC4
                                      SHA-512:F124E952182A4AD2932B8B5D321F5B82A436FC2545019CB6890843CC7DEB4450F5F0724ED338B8F9FA4403EE70750B45C620DBBD6B0A8401760AAEA625D666A8
                                      Malicious:true
                                      Yara Hits:
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe, Author: Joe Security
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...).b................................. ... ....@.. .......................`......o}....@.................................L...J.... ..b...............H-...@....................................................... ............... ..H............text........ ...................... ..`.rsrc...b.... ......................@..@.reloc.......@......................@..B................|.......H.......p...................0!...........................................0..D...........Q...8!...8"...8'....~....~.... .f.8....8....8....8..........8....8....-.~....~.... ..f.(!...o .....o!.....(...+..,:(......~.... I.f.(!...o#..........-..~.... X.f.(!...o$......k(!...8m...o ...8h....8g....8f.....8j.....8h......~......o%.....o&....(........o'...~.... O.f.(!...o..........o(.....+...*.8....s)...8.....8...............=.....0..............Q...8....8....8.....~*...~.... .f.8....

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Search.exe.config

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1971
                                      Entropy (8bit):5.13661332037052
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:A7C1E1B23999EB3068D6357CBA828211
                                      SHA1:17EDB3471E1D0CEABF360ABA444CBF4146A82C1E
                                      SHA-256:11240B9B314D463DBF65A5BFD1CE9A4AF40888FCA25E7841E8B63D31B82D820E
                                      SHA-512:044791148DF6563254EEDB1BF177FAAD4F79B5E596B4DDD04E1DDE5C3FF831BEB011B15B77016B37CB3D91CFC98A7CE71D74F0E709B2C28EFCE1AE83A318DC1D
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />.. </configSections>.. <startup>.. Run on all versions of NET 3.5 and 4 See http://msdn.microsoft.com/en-us/library/jj152935(v=vs.110).aspx -->.. <supportedRuntime version="v2.0.50727" />.. <supportedRuntime version="v4.0" />.. </startup>.. Log4Net configuration settings-->.. <log4net>.. <appender name="SearchLogger" type="log4net.Appender.RollingFileAppender">.. <param name="File" value="${LOCALAPPDATA}\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log"/>.. -->.. WinXP path to webcompanion.log-->.. .. <param name="File" value="${userprofile}\Local Settings\Application Data\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log"/>-->.. <param name="File" value="${LOCALAPPDATA}\Lavasoft\Search\Logs\search.log" />.. WinXP path to w

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):541512
                                      Entropy (8bit):6.132665569052744
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:06057DD6FAEC821061F244D51C3269C0
                                      SHA1:676AEBE7F974D88DC034BF8741688A6EF4653687
                                      SHA-256:7D73DB43D134121301D16FCCD6C0D9D3A56782B275AC38D3CF039340F1F7D209
                                      SHA-512:FF931525B9264AAEE4B67122C1F11B891E8B5A92C8E53A5DF1CB63B889DF581C465A747521723E1C18ACA5109F101799EDC1247277C1B06086739C8BFEB7244D
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M..b...........!..0.............J*... ...@....... ....................................@..................................)..O....@..................H-...`.......(............................................... ............... ..H............text...P.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................,*......H........+...................$...........................................0..l..........s$.....o%...o&.........%..w.o'.........%....o'.......-&..o&.........%..w.o'.........%....o'..........+..*........89.-.....0...............((...()........s*...%r...p(.....o+....%r-..p(.....o+....%rW..p(.....o+....%r...p(.....o+....%r...p(......o+....%r...p(.....o+....%r...p(.....o+....%rE..p(......o+....%ro..p(......o+....%r...p(......o+....%r...p(......o+.........s,........s-...%r-..po....&

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):40264
                                      Entropy (8bit):6.2135564531365235
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:56302058940D63142263D4029D4254B5
                                      SHA1:A93FACBE46B11751973717B12755597B90FCCA76
                                      SHA-256:68B95AE05E979F440E16B606CE7D4DEC9D800787B6933DF77C39C5BC4CA8AB9C
                                      SHA-512:0D64F5B53147376643ED6215ADB2CD1E829A12BC49C40FB396E801F087A94AD2BAE2947170BFF8538AF0F05B795BAC040162E14DF7857EF1F38CD7F076B42EE6
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....r^...........!.....h..........N.... ........... ....................................@....................................W....................p..H-........................................................... ............... ..H............text...Tf... ...h.................. ..`.rsrc................j..............@..@.reloc...............n..............@..B................0.......H.......D8..xL...........................................................0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Settings.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):20808
                                      Entropy (8bit):6.710471651233736
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:DEC365A790B164A5ED8E795D2291751E
                                      SHA1:3645FFEA9CAF9372DD3444EF60D5F83BC899AEF6
                                      SHA-256:E51D3E71874787D84AB0544C0B83B646D92A5C75BA4613F3EB00076E3844B083
                                      SHA-512:48789157847349FF9FF08FA144E52D33E88AE2DDDBD89AE0E94669DA9551F496AE40E5B729EAEDB47C3A928EA14860CF863ECA8A1BBA8810D460AE260BE2DEA1
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....r^...........!.................:... ...@....... ...............................h....@..................................:..O....@..H............$..H-...`......t9............................................... ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`......."..............@..B.................:......H.......`$...............................................................0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*"..}....*..(....*>.r...p(.......*...(.......*B.r...p.(.......*2...(.......*2...(.......*..0..R........(........(.......(.......(.......(.......(.......(......ri..p(......r...p(......*...0..O........(........(.......(.......(........(........(........(........(........(......*..0...........{.....+..*"..}....*.0..........

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):84296
                                      Entropy (8bit):6.066066935594314
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:1049F0EF2DC71FBB0A8E745053488824
                                      SHA1:546C3E19A9F7EA1952638555082614173B433AE1
                                      SHA-256:C7F0D488A1CF8A4610E3D78BEB69776371EB2D145A3F5C96D6E3F20CF422D1CE
                                      SHA-512:297E8F1033DAE72F1FCF32034391E34F37B4B2BA6B50813E396D770D8BDC8204F166B1486FC43EAEB4D88F9E8F424EA82C34E85EC8F2ACE799D4C3C035204EBC
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....r^...........!.................2... ...@....... ....................................@..................................2..S....@..H...............H-...`......p1............................................... ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B.................2......H...........|............................................................0...........~.......o.....+..*..0..&................s.......s.......s!..........*"..}....*..0...........{.....+..*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*..(....*"..}....*.0...........{.....+..*"..}....*.0...........{.....+..*..(....*"..}....*.0...........{.....+..*..0............(...+.+..*..(....*"..}....*....0...........{.....+..*"..}....*.0...........{.....+..*..(....*"..}....*

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):21320
                                      Entropy (8bit):6.628079397124676
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:EBB16CAC3745E732F3F4250D7721D29E
                                      SHA1:2C817AE8807FF93F491151F4759C6C8A9DE896DA
                                      SHA-256:8CF5CBD9570F8CE514D0E29149D6749A50CE104AAF590027A9C239CAAC2C8247
                                      SHA-512:D1E56B06C836C8E1D1A1BB6E3039FA671B8CAA71A089926E721AA749F71176D9B64821250F3E2307E70ADDE7F26B0634EBBC120AFB3E0C189453AFC6B5BE8A87
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T.Ub...........!..0..............<... ...@....... ...............................1....@..................................;..O....@...............&..H-...`.......:............................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B.................;......H.......h(..............................................................~.~....}.....(.......r...p}....*..~....}.....(.......r...p.(....}....*..~....}.....(.........(....}....*.0...........~....}.....(......re..p...o.....+)..(.......rg..p..(......(....(....(........(....-...........o.......o......o.....Yo.......}....*.......!.6W.......0..H..........{....s.......(.........,..o........ ..~....r{..p.o....(....o........*....................&'. .....0...........s ......{....s.....

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):106824
                                      Entropy (8bit):6.0299060115254255
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:EC4B2852E620FB8977B4CA209D7787D1
                                      SHA1:B59EDA2724522814E2F5D1DBA675C3C1EFAA9579
                                      SHA-256:82EF634B9216B2A72248F3DFE22C7F26EE119021D06CE71CDEE4193E940A2956
                                      SHA-512:F2A233407BB1752FB9D6F0FF99F6B21FE514C29128302B34DB5DFA28B00B429D23E0F5DBA6226298B655EF2194861BAA05F349F00E4636934EF2D07FD57FFA73
                                      Malicious:true
                                      Yara Hits:
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll, Author: Joe Security
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...)..b...........!..0..l.............. ........... ....................................@.....................................O....................t..H-..........H................................................ ............... ..H............text....j... ...l.................. ..`.rsrc................n..............@..@.reloc...............r..............@..B........................H.........................................................................{....*..{....*V.( .....}......}....*...0..<........u......,0(!....{.....{....o"...,.(#....{.....{....o$...+..*. ..'. )UU.Z(!....{....o%...X )UU.Z(#....{....o&...X*....0...........r...p......%..{.....................-.q.............-.&.+.......o'....%..{.....................-.q.............-.&.+.......o'....((...*..{)...*..{*...*V.( .....}).....}*...*...0..<........u......,0(!....{)....{)...o"...,.(#....

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):17736
                                      Entropy (8bit):6.8171353754651305
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D46FCF7FE8B78E26FC8DB2B832BE1FB9
                                      SHA1:6F980B951C54698C94BA0053484A29B243B9BA81
                                      SHA-256:44BF727400001E42150CE4C19A96115521198DB8CBB44E287578CE1F8FA0EB1E
                                      SHA-512:C86FF156460501BCE25CC50116A338397CD914E794A405D0E208F65CD7FF314F24D6A81A9E345ADB09F41C6A4A0A93D0D199FCEEE8F3BE3514E5B30ECD01D702
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....r^...........!.................-... ...@....... ....................................@..................................-..O....@..................H-...`......t,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H........!..|............................................................0............#(....r...p(.....(....t.....s......r...po......o.....s.......o.......o.......o.......o......r...po.......o.......o......o......o.....o ....s!.......o......o......o .....o....~"...o#......o$....*.0............#(....r...p(.....(....t.....s......r...po......o.....s.......o.......o.......o.......o......r...po.......o.......o......o......o.....o ....s!.......o......o......o .....o....~"...o#.....

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):50504
                                      Entropy (8bit):5.950328645729256
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:3ED8D97D595948672F1AEB44258EE2BA
                                      SHA1:C8CDE22ED8465C72E8A7A9415ECCE278B067718D
                                      SHA-256:3D6D4FB3FB22B6C1F4BBF31A23500EC859F35C8CD28F83B9087EB5A00334DB48
                                      SHA-512:97984FB9D2699EEE4A7EEC5DC007BAF692BA08C172BA77B3F5F7C69DF51C108806E732E0EE0BC713EBBEC6B3409C56E711FD140EAA43A269D36AC1ED77CB5F70
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....q^.........." ..0.............~.... ........... ..............................l.....@.................................,...O.......................H-........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................`.......H.......$P...]...........................................................0..@.......r...p.......(..........(....(..............~....ri..p.o........*.........).......0..b..........~.....{.....sT.......o]......@..~....r...p.o....(....o....... ..~....r...p.o....(....o........*.......... !. ........ A. .....0............sx...%.o'...od....%.o)...of....%.o+...oh....%.o-...oj....%.o/...ol....%.o1...on....%.o3...op....%.o5...or...........~....r...p.(....o..........+..*...........st..

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):26440
                                      Entropy (8bit):6.4001720229739085
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:F303CE4F6ED18189D56423AC904BED04
                                      SHA1:EB6957D082517B5FADD01688D1004867B418C721
                                      SHA-256:29AF585BC328AC96501D72FFEE307927B56549F7D14F3EB83F69CDDE03974A00
                                      SHA-512:66C0B532F0F6CFB36DF37AAD92384B89CF250D4315381A7B29DF702CA2323DC0B6F87E533F55AC9B92BFA43F91BAD3C0493A5FC9C38FA3BE61A2EA610324A3CF
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......^.........."...0.............BL... ...`....@.. ..............................y|....@..................................K..O....`..$............:..H-...........J............................................... ............... ..H............text...H,... ...................... ..`.rsrc...$....`.......0..............@..@.reloc...............8..............@..B................$L......H........)..4 ...........J...............................................0..k.........}.....(.......~....r...po......(.....~....r?..po....... ..~....rw..p.o....(....o........~....r...po.....*.........+:. ....r.(..........(....(.........*....0..v........~....r...po......~....%-.&~..........s....%.....s....(......{.........,5.~....rE..po......{....o.....~....rm..po.......}.......2...(..........s....}....~....r...po.....r...ps.....~....r...p.o....r)..p( ...o.....s!....~....r=..p

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe.config

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2379
                                      Entropy (8bit):4.811294024220937
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:AED25C4BB45D63F367AC309DA2D91716
                                      SHA1:295F9441CE64D87BC5489F2D5609E7704E302827
                                      SHA-256:534FF170605C383FA723B662E49DAF7683C560727FD71211B28799C5A6AF11AF
                                      SHA-512:AD144C6152BD8FABCC89FF502595281298C3857A8F2193F6B391ED7E137FA4B2A9E0FFCCD17C9C4FD5A691407D32339B4348B5FAF260DCDB5D2D0E6A63B5FDDD
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <system.serviceModel>.. <services>.. <service behaviorConfiguration="SearchProtectServiceBehavior".. name="Lavasoft.SearchProtect.WcfService.SerchProtectSearvice1">.. <endpoint address="" binding="wsHttpBinding" contract="Lavasoft.SearchProtect.WcfService.IWCAssistantService" />.. <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />.. <host>.. <baseAddresses>.. <add baseAddress="http://localhost:8733/SPServiceLibrary" />.. </baseAddresses>.. </host>.. </service>.. </services>.. <behaviors>.. <serviceBehaviors>.. <behavior name="SearchProtectServiceBehavior">.. <serviceMetadata httpGetEnabled="true" httpsGetEnabled="True"/>.. <serviceDebug includeExceptionDetailInFaults="False"/>.. </behavior>.. </serviceBehaviors>.. </behaviors>.. <diagnostics wmiProviderEnabled="true">..

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Microsoft.mshtml.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):8019272
                                      Entropy (8bit):5.078942816343995
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:A1D7D1A9F1E9CB1C968B72AA4C901054
                                      SHA1:537110F979545205E581001E1C6209BB3CB90D62
                                      SHA-256:EA46ABD0282FC43A8C78A27B4EB1A8752CB48363937B0B534B41392C72D1550E
                                      SHA-512:0EA6D795816086BAFBED626DED414585A1AD3CEFCF101466EEEBC6D6A1594C715AE9DE3AA655EEFC0D89065CCF9A2A0D900E541B7850E77D9430F10F6B56B065
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....OR...........!......z.. ........z.. ... z....@. .......................`z.......z...@...................................z.S.... z.x............0z.H-...@z...................................................... ............... ..H............text...4.y.. ....z................. ..`.rsrc...x.... z.......z.............@..@.reloc.......@z...... z.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\MozCompressor.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):65864
                                      Entropy (8bit):6.464452234065725
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:DFF53593BD8D5E9AF5A969E601754468
                                      SHA1:9621BB2B227A7A737A109B8AE32533AC636EBE04
                                      SHA-256:9D611FF95937F9832D223841067AE887E9F3AB25A24B745305959B05ABAB3535
                                      SHA-512:86FF65D5BEFD06D481A54FEEA4ACD6B4141E0607E68A8A83B602927F0A2BEE94E16EE61C01250463CAEB32BFCE4F8C357C9E1CF533EF742D9C28BB8A39016C0C
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,z..B)..B)..B)z.C(..B)...)..B)z.G(..B)z.F(..B)..B)..B).C(..B)..C)..B)O.G(..B)O.B(..B)O..)..B)O.@(..B)Rich..B)................PE..L...F.KZ...........!.....4..........{B.......P............................... ......$q....@.........................0...d.......x.......................H-...........Q..T............................R..@............P...............Q..H............text....2.......4.................. ..`.rdata..$....P.......8..............@..@.data...$...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\NCalc.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):206152
                                      Entropy (8bit):5.649836459439695
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:6AD7C15D378DD7DE76CF218F69E4057D
                                      SHA1:41ED23E86B19037BB3E4B129CE7211D54598617C
                                      SHA-256:6C7F17A98FF6A5BB7CB15407B4CED3B8E250777E496F0174B2857398F8DB5065
                                      SHA-512:8DAE2546B35E7BBAA8649FE620AA4FD1A3B61524FB53A4CBD8950B78DF264AE1960510EEA8476D65A78BCCE2B4082B2FD92D359D9E03A9125BE4CB3E3611325A
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....bxN........... ................j.... ... ....@.. .......................`......TA..........................................L.... ..................H-...@......................................................x................ ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................H.......8....f............................................................(....*.0../........(.......s....(......s......r...po......}.....*......0...........{.....8.....*......"..}....*...2.r...ps....z....0..K..........o=...(......(....r]..po....&..o?...(......(....rc..po....&..oA...(.....*......0-............o....(......o......E....................s.......]...G...............1.......9...#...O...e...{...8.....(....ri..po....&8v....(....rs..po....&8`....(....r{..po....&8J....(....r...

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):437064
                                      Entropy (8bit):6.091304058436256
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:8646BAEED20310F7B687789E58E183E2
                                      SHA1:3FD09E9F654331F031E88FBE61D99A42DD10C1D7
                                      SHA-256:193C95270430347CD2C0677CBFF40E5C812E0B49F7FE539B8B37B9427079986C
                                      SHA-512:537BB871C727D7345A47016B0628B4628B3F0414A1C4002D9F7AB3165751C2185143C565358A659CCF522B7917929FBBBFAB03D488833B70D1BC14EF1B3C6F2B
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.R...........!.....t............... ........... ...................................@.....................................K.......8............~..H-..........x................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...8............v..............@..@.reloc...............|..............@..B........................H.......h...................X...P ......................................yK.N...f....i5.#I..xV. ..%BR..^.....t0"..z.%./.G'.j....{...2...k)w...'>.c..P..X.......n...h....E...ex..X/H].R.e.{..;&.-.'....{....*"..}....*V.(x.....(......}....*2.{....oy...*2.{....oz...*B..(....&..(....*...0...........oo........YE....}...............}...n...............n.......I...I...I...I...3...I...X...8D....t......{.....or...o{....ow.....+U..o|.....{.....o....oo...o}.....o....o....t.....o....o..

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\System.Data.SQLite.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):290120
                                      Entropy (8bit):5.930949668970863
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:BE293C8F6A5878A7E9C8BB4439EE67E0
                                      SHA1:97942DBF19E19F3448416A1CF6502B44E1D352B9
                                      SHA-256:AD1E86A344B762CCBFA9C51A6A1F99F5AB6D4E50BD1A16F50AF860E957040CEA
                                      SHA-512:2E356E05FFB4381C68A03D2A5BAFB31EEBBC9B2CBDC47EC454BE319251B58269372B63F40090F7CB5086DA22C2F1252FE12679522A3733E97A652735C45A419D
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....*S...........!......... ......~.... ...@....@.. ....................................@.................................0...K....@.. ............@..H-...`.......-............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):9677640
                                      Entropy (8bit):4.400740330864067
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:7BB65BB24E9A4A04E8D3423D12CF4665
                                      SHA1:29A28EC509FD7E46EEAD9730D910BC9261BABD1E
                                      SHA-256:263D145E44BBEF5F1A7B33D5D22EA33A941EF339A567D853E257E5B07540049E
                                      SHA-512:893A9538EFC74BF9C2F55C537ABC6A227E02A992D42321D29E81B45BD7394CB1B4729371DBC1536FA8E75442B4F48CFDCE1B09AF829C8A381E848527F52AA01E
                                      Malicious:true
                                      Yara Hits:
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe, Author: Joe Security
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W..b.....................t.......&... ...@....@.. ...............................c....@..................................&..S....@...p...........~..H-..........p%............................................... ............... ..H............text........ ...................... ..`.rsrc....p...@...r..................@..@.reloc...............|..............@..B.................&......H.......|...>......|....H...............................................0..=..........(......(......-...(.......(.........-...r...p(........+..*....0..r........~....r...p......(....o ......(!........-..(.......~"...o#...s$.......(%......!..~....rQ..p.o&...('....o(........*..........3O.!....V.....()...(*........*..(+...*...0...........(+......~....r...po ....~,....(....ot........-...(......+...(.......(!.....-....(...+}.......!..~....r...p......(.....o(.........*.........W_.!

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe.config

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):19582
                                      Entropy (8bit):4.782499613572941
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:1F6D2003038E80D41622133F99BABBFB
                                      SHA1:15D65ABFA15DCCA59EA4B31DAC689377497E4596
                                      SHA-256:00686F103E7774F6EC676FD9FECFE5424BDFB31CD1DD82625FD8C7D3E2F427F7
                                      SHA-512:87B61780297FE072E2054269D7EFFD69EA85BF414279D12C0232CECEBEFB07435A727BC69A234681E7A2BE862699A73CA79A83B1354406936CF9286D96CC8FD0
                                      Malicious:false
                                      Reputation:low
                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">.. <section name="WebCompanion.UI.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. <section name="Companion.UI.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />.. </configSections>.. <userSettings>.. <WebCompanion.UI.Properties.Settings>.. <setting name="Theme" serializeAs="String">..

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionIcon.ico

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                      Category:dropped
                                      Size (bytes):24337
                                      Entropy (8bit):4.401590449138391
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:1DD04466644E96E0AD308D1E637E9621
                                      SHA1:0C7F688CA482FCD1FC9AA7D7518A5BC844875CFF
                                      SHA-256:9733ED5E1E2CAEB0986F1D46A052B2D4BD8CD6B041B9F57216F12410605E8455
                                      SHA-512:A92FF0A1B92B5B689BFC36A807F02D79B8DC3DD99971B3528AAFCEB8C1FC2DBC67BD170990723B34B26AC4EE7516EFA6B218C2ED1D422A422EDE7CF5FB9A3DA1
                                      Malicious:false
                                      Reputation:low
                                      Preview:............ .h...V......... ......... .... .....F...00.... ..%............ .{....D..(....... ..... ..........................................................................................................................................................................q...q...p...p...............................................s...o...p.`.p...h.............P.................................r...u...p...p...n.9...A...............................................~.w...o...r.................k...............................0.........p...x.....................#.....................................}...~.............................................K...........................................:...............................................................................h...................................................V.......'...............................................................................................................................W...^...^...^...^...^...^...^...^...^..

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionIcon_Pro.ico

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                      Category:dropped
                                      Size (bytes):25507
                                      Entropy (8bit):4.77281362097441
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:BBD842A6E91D908141DE6FA59D3A9868
                                      SHA1:3F387A45C09CC3894A6475C711C943EA3F70ED6F
                                      SHA-256:D5A8246EF2075DAD3B3D582477CF757FE673A3A793EF3DE60DE82BF8581DA19F
                                      SHA-512:F130188D69710DEBB2BBFB122C0BBBCF21F7356820226B0D8A668BF965B909C8F24DCEB2E75FF98E70ED02115903AC461D10BD3835632BF9D7A325C9610F0A13
                                      Malicious:false
                                      Reputation:low
                                      Preview:............ .h...V......... ......... .... .....F...00.... ..%............ ......D..(....... ..... ................................................................................................................................................................................................................................................\.....|.........\...5...................................................9...+.........................................T.....y...........................?...............................-...............................y...................................................................O.......................F...........................................!...............................................................`...............c...................................................0.......#.......................................................o...................................................................K...U...^...^...^...^...^...^...^...^...^..

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):472904
                                      Entropy (8bit):6.471579050352376
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:0F602570DA69F18A30CAC878A835ABA3
                                      SHA1:0CF6EFD33F949FD0DC87705A43A7D381C69B12B3
                                      SHA-256:334D7140C751CF09CE866E96EBE029506E2E0E41CF1EBCDD3D8CC72737321B07
                                      SHA-512:DA68AE760BE1759A2CE47EF5D267DD88AF582BC9E73A982462C044F36386F782243A5D9FC086E007935BF129BE61A0AC89A2B6CC4BE2656AD4726A7134B4371B
                                      Malicious:true
                                      Yara Hits:
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe, Author: Joe Security
                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe, Author: Joe Security
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..b.....................t.......... ........@.. .......................`......i.....@.....................................K........q..............H-...@......X................................................ ............... ..H............text....... ...................... ..`.rsrc....q.......r..................@..@.reloc.......@......................@..B........................H........7..`z......I....p..X.............................................~....}.....(......s(...}......(....}....*br...p.{....(......(r...*.0..j..........{....rk..po)...,.(.....+.(......r}..p(......(......r...p.{....o....o.......(........s.........ob.....z*..........UU......6r...p..(r...*.r...p.....*..{....*"..}....*.r...p*.r-..p*.(h...o....*f.~....}.....(......(....*6rI..p..(r...*....0..c.......~......(....( ...,.r...p.+..(.......(7.....(...+.~......o".....+]..(#......(...+

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionInstaller.pdb

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:MSVC program database ver 7.00, 512*1627 bytes
                                      Category:dropped
                                      Size (bytes):833024
                                      Entropy (8bit):4.514230288618714
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D8D0A2A682BA566EEA7542EE55ACCC5A
                                      SHA1:436D17148A7AFC0A990DE9029EF24BB308146CB9
                                      SHA-256:3CC0A33541585CB01F5D661F57E4F9182EA1A3CEDCBB45A4AF7137A2D4D363D9
                                      SHA-512:2303C15C498F925A61969F50B69A06AD694D1D13F6D0151D99A7C4A65073D24B1D794215E30D11FC50C45151A393DD85365703674E87D1C96889D217D0FC6A0A
                                      Malicious:false
                                      Reputation:low
                                      Preview:Microsoft C/C++ MSF 7.00...DS...........[...........Y...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................8....................?..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebcompaionReimageIcon.ico

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                      Category:dropped
                                      Size (bytes):17542
                                      Entropy (8bit):5.487981305511366
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:9932F44F84F0693AD7D3B7F5E41B5C3F
                                      SHA1:681EDED9A3F513FE1BC067817A3A5C7CE9277624
                                      SHA-256:8E10EDC1E341C0B89232811BF8B71CA1A1EEDC8CA78B79432C4AD702591B2DE5
                                      SHA-512:3E522306ADB5ED30C2E448329B9952AACACA29543CF8152435E2B8ABC85F9E546EE3D7BC96C6EAD9EDC99686102FD6B1488A5C5C2104A7D838EAE47F2AB6912E
                                      Malicious:false
                                      Reputation:low
                                      Preview:............ .h...F......... ......... .... .....6...00.... ..%......(....... ..... ......................................................4Of.a...Qz..?`..9YC.]...1L...................................%f.i...x..."6...$...3..*F/(u.B3...:....................8W..2N#.)A..........|....&..:Q.....J...M..x.....................{...f.T.Hl..........J_......>O.(...Y...T...........................[.j.u...........L]..EV.+z..&...V...P.............................m........BfL.Tm;.\v>.dp!.Fe=.I...J..FS.......................9..,...2...\~H.nd...|......uq..6..U7...7...ml6...........>..X`..!...-...N{Y.ul..............of./sk............$...p..........3v..v.........Q...:... .~..qh.8yq............@...m..|....FHH._g\......................K;5..`[........}...j......w5>POI.UUQ.r...`...3.......U.........R..a...b.............LA..M?..571.L...W...-...8....Rn./....?SH..h..}H...N.............qa..n^...-$.2...U...;...;...3... `u..2I7.5L.............................&"..&DM.F...X...T...k...H[i%.#A.:Rg.......

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WpfAnimatedGif.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):54088
                                      Entropy (8bit):6.329916594650582
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D8837B04CEE44D8D19C44375D52B6035
                                      SHA1:98FF370B0314E88A037CD90B8F1496F0FA5B9C8E
                                      SHA-256:AA434011AAF29E2CF6459888A60C09656A55E638D6952AB9319B035CCD0DDB37
                                      SHA-512:420D7646562928BAEB804F8CDA67C0242398376DD02B6DA285CAF4787AAB3F3843E04D4B83022318230D0D410C9C7FCD9F261E59E74C0E67AADCF0F4D35F406B
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=..........." ..0.................. ........... ..............................l.....@.................................j...O.......$...............H-..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...$...........................@..@.reloc..............................@..B........................H........H...p............................................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ...' )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....( ...*...0..2..........(....~.......o!...-.~.....s"...%.o#.....o$...&*...0..A..........(....~.......o!...,)..o%..., .o&...-.~.....o'

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\acs17.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):1154376
                                      Entropy (8bit):4.985126195242392
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:06ADF18E3F4BA8DF6DD37EE7BD902D69
                                      SHA1:DFEE6E096DCCD0D3AB446D33BCFBABBFE6A5D959
                                      SHA-256:FAC6DFF6D89A0FE6BB15CA522522D189C43F802501E0F8EE2F38E8BF0F034EB1
                                      SHA-512:E618645D3A9FC6F722E149A0F8F2E58C5EDEC57AEB817A21051EEA5B95D5F4A1D5DA43202A0229001AF39FDCC8466F3EE9F7CF942431CB478FD7B35D39849B50
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........v...%...%...%...$...%...$...%...$...%...$...%...$...%...%D..%...$...%...$...%..d%...%...$...%Rich...%........PE..d...{.p].........." ................X.....................................................`....................................................d.......<.......D....p..H-..........0...8...........................p................................................textbssMH...............................text...1....`...................... ..`.rdata.............................@..@.data................D..............@....pdata...............R..............@..@.idata.../.......0..................@..@.msvcjmcr............N..............@....00cfg...............P..............@..@.rsrc...<............R..............@..@.reloc..W............X..............@..B................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\de-DE\WebCompanion.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):73032
                                      Entropy (8bit):5.404164318129585
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:7BC39F17DCAF3B020DC80A6F0BC656F4
                                      SHA1:23706C8F93CB442C77CE0382596724BF10E6E752
                                      SHA-256:14FCFAAC7FB76C425DBC16469B9AA9F9389FBD445046ACF8C17AD94B69B897B1
                                      SHA-512:161DFD270A876B1C0A800D276EF871614D02F6F3980B7A06431AA074550BECA0FE4D2A6D71077000CFDC07FCA5DFD155DC72616D99260BC20C1774422CDDD8BD
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X..b...........!......... ......~.... ........@.. ....................... ............@.................................$...W.......................H-........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\de-DE\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):21832
                                      Entropy (8bit):6.766831145056148
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:A09497B74F674956908B59893EE7799F
                                      SHA1:84717AA3333DB60D64B616B4163081994D72050D
                                      SHA-256:A970879AB0EF8B390E421A5187CC48B78E191961DD68341E89A26E009B7A6ACF
                                      SHA-512:B1912FD40F27FE8DF1F51473FAF300367DD21CE1A414EB14034B5D1B84C673EAD724D3A796C231322959956AF57E339C6F0A75CD108B59C6978B9B8876A021C9
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..b...........!..... ...........?... ...@....@.. ....................................@..................................?..W....@...............(..H-...`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................?......H....... <..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADPP)6..).......n.....V ..(`5.........].......}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...................v..-../.x.EZ....1.N...D|-..... ...?.!..v"..v"..v"..v"..."..&...'vAw(

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):73032
                                      Entropy (8bit):5.338989511983074
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:B3B1A64601AACCD413E8BAD59E062A35
                                      SHA1:14256E9CBC0D1D0728A9EEB2047B2FBC6093CF6B
                                      SHA-256:86C3804A64B5A9F6E7EC62D8F70F4DE643104B255123917670B13F8DE878EEFA
                                      SHA-512:C49D0617366EC5B972F819244C93ACE58D1CE3C72C077826BD72351431653E393A59BD69BBEB97D6FE94C268FBA0B5AB6C73E0A069692F26987BC16DCA3978D4
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y..b...........!......... ........... ........@.. ....................... ...........@.................................D...W.......................H-........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\en-US\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):21320
                                      Entropy (8bit):6.697378544746437
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:1335F2FD2E96B76E6841E87EF44641D5
                                      SHA1:7B1D6C949A20BACA2960AC8F51AFA37168506B9B
                                      SHA-256:1805DAA40935D0E31551799B2D8C2F6D6B224F2877C14B27E99645A494F0F1A8
                                      SHA-512:70483A85CBD5B8270517E5B89B41B0DCD43A415153CD126044670E093B6902D612C1BD2A49D46ECF20024D18C8826D20FC2058E6AD16284D802527D2B55AB65F
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..b...........!.................<... ...@....@.. ...............................W....@..................................;..O....@...............&..H-...`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B.................<......H.......h8..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....E.......PADPADPP)6..).......n.....V ..(`5.........].......}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...............v..-../.x.EZ..N...D|-..... ...?.!..v"..v"..v"..v"..."..&...'vAw(...2c$Q:

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\es-ES\WebCompanion.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):73032
                                      Entropy (8bit):5.334039488048642
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:E028FF102F24582114FE011675185041
                                      SHA1:D3B1FF0B732808E7C3F8313469882BDB7E0E4183
                                      SHA-256:9EB67B9BE8BF5A5E90E7FC6145EBB1D6DB0BC8704F97D963677B77D6E4CF53DD
                                      SHA-512:9726065E17DF3E1562A0A20E7903EA5DDA0A8AD082F6B447C79E55BCFF077D3922AB0F33BCDBA11BED77D4F1257799046DDC4D41A8A96AD6A28249A5E2936264
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y..b...........!......... ........... ........@.. ....................... ......-9....@.................................l...O.......................H-........................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):21832
                                      Entropy (8bit):6.720315069964533
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:4FF64FEB2C0259C1D58A161173D81843
                                      SHA1:BF360C5B246D16902019D78A2FC841489E997E68
                                      SHA-256:BD40969174F8CB67B737EDF6BC4305D70F7E76BA9C7A43E1D6F11C5DA1A962E7
                                      SHA-512:981ED2CC0C1C10A2DE0C259ED556C01E276A84EE7F4E79863DF18E2CF71845219E77F7DBC5F11EC8B79241827E77323C30BB420A5475045DBFC98E995C690EAA
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..b...........!..... ...........>... ...@....@.. ..............................<.....@.................................x>..S....@...............(..H-...`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................>......H........;..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADPP)6..).......n.....V ..(`5.........].......}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...................v..-../.x.EZ....1.N...D|-..... ...?.!..v"..v"..v"..v"..."..&...'vAw(

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):73032
                                      Entropy (8bit):5.443997617504796
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:273DA6C7D5A7110FAA03B46664EAD3BA
                                      SHA1:533D7DD33CE7BA7EF8F08A244D612BC69E2DD4A8
                                      SHA-256:244BB2C2691C1F79EE493F7A9FC36699286E662BE30EB3C4477DAF4CCC730E21
                                      SHA-512:A92B08D5A7C21E388CF3FE3A7B0F306179590BD0C0797052B11897EC5DF8BCEB78A16116EFECA70BFD10091D0DE5769BADC4D1C1E17CA67FD7ABA20C108E3AF5
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y..b...........!......... ......N.... ........@.. ....................... ............@.....................................W.......................H-........................................................... ............... ..H............text...T.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\fr-CA\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):21832
                                      Entropy (8bit):6.761228401876228
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:78774F4D0A084E30558FA6FB1C2689BC
                                      SHA1:76FE4B3AFE1DAA0ED1AE87AE87111037F8B3358D
                                      SHA-256:F9B9CE0BFB33023B6958B34C40E3D009D35F0EBC2FFFFD634DB170A6C5831890
                                      SHA-512:94C5E6211142A78EE729A25A123DDB14F8AC60F3F53F571AE176FF983A51A7FD9E66D7C2C84C2D2D64E135016F0663CF70186421C7F6AD1DBC63B92D71509989
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..b...........!..... ...........?... ...@....@.. ...............................N....@.................................\?..O....@...............(..H-...`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................?......H........;..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADPP)6..).......n.....V ..(`5.........].......}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...................v..-../.x.EZ....1.N...D|-..... ...?.!..v"..v"..v"..v"..."..&...'vAw(

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\it-IT\WebCompanion.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):52552
                                      Entropy (8bit):5.206454413603725
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:2AB81CAC585C58F571731D810460557F
                                      SHA1:18D69D8FDACD0B60A3636FC8B9039F81B7B62FD7
                                      SHA-256:1CCF07ED3D0539723866DF4B95A1D818354D94C1DE9BBDDE7A23584D298622F5
                                      SHA-512:0990F8A5A5FD6323E78568EDED71EEC39D8BDEC8DED1523D7C67FF9759E1AC9F72EC683F950F35FBA37D889A77912E5CCCC453E870428B8873309E5974C0FA9B
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y..b...........!.....p... .......... ........@.. ....................................@.....................................K.......................H-........................................................... ............... ..H............text....e... ...p.................. ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\it-IT\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):19272
                                      Entropy (8bit):6.826856834951021
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:27E7FA233A580242557EC80BB1BB315B
                                      SHA1:ECFD40380FDA0F71DF3C42B56CFEBA96BB173CFF
                                      SHA-256:E4238CF0E7E32D6D003D2EF9BFBC8AF04FD367A00C33961AEA9620BEB09098BA
                                      SHA-512:D583642AB1DE52AE9072387BF25B72C7B22B691290A67252433A5B5F52D4AD6AA8FA6AF4EDA6A2F3C8F329F415C32C55584B2F7994D3D84953147819C1EA5239
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]..b...........!.................4... ...@....@.. ..............................c.....@..................................4..K....@..................H-...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................4......H........1..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADPP)6..).........V ......].......}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."..&vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~t...............P...e...2.......................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ja-JP\WebCompanion.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):52552
                                      Entropy (8bit):5.426266272545869
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:8DB41A930DA676FE74996C144ACC4B35
                                      SHA1:A50CEB90AE6653EBEF83F37E00A3BCB8209B9B53
                                      SHA-256:2E4164A521E8AAC3D2EC617801288D7D68A827CD4D68E84677AC67205F046260
                                      SHA-512:BF4C22064B55847929FFB1502CB70B0887503277E0BFBDC8DD0DF0E11C14660503E02BC71817AFF5EA9B6BC3231FB4BB0F833757F072244A7B8F053046673258
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y..b...........!.....p... ........... ........@.. ..............................|.....@.................................`...K.......................H-........................................................... ............... ..H............text....d... ...p.................. ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ja-JP\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):19784
                                      Entropy (8bit):6.953487303010835
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:EAB5C6BD4069F9EEEBF7CE79056699DE
                                      SHA1:6E0B8505A44956D3CE58F9509F8E707646CCEDA5
                                      SHA-256:35B6C165C80E696A295647A9460D07FF77A76B3AE141890138C29AF6D5FC61CD
                                      SHA-512:09DDE14655CCB5FACC9F961C069D43B958AAB91A96A3F18CB76106A683E3391B13CBBF061872953ADEDE31326FC265BEE799B13846020AC20E69C7AF9421E139
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]..b...........!.................7... ...@....@.. ..............................T.....@..................................6..W....@............... ..H-...`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................7......H.......`3..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADPP)6..).........V ......].......}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."..&vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~t...............P...e...2.......................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\liblz4.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                      Category:dropped
                                      Size (bytes):135504
                                      Entropy (8bit):6.4193026671022935
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:864237EE4EDBCE9CC5BCC34FBE5FAD5C
                                      SHA1:E8CC04252984C411852F3BAC4570C44D35B46274
                                      SHA-256:43271D8CF6AD0FC587339C0DE8981744CC59EDE875ADC270523EF6BE534665A1
                                      SHA-512:548D7F502A0A5AC4035D28CF89FA73A116CFF55CE43F97B7AB0D40FA582EFC2C60D4DDFB9EF3C574180DF2DC38D73ACCE8A66655EC42A71A4CA3C2E377F5E134
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../.Y...........#.....l..........`..............f......................... ......>m........ .........................................................H-..............................................................l............................text....k.......l..................`.P`.data................p..............@.0..rdata..D............r..............@.`@.eh_fram<........ ...x..............@.0@.bss....t.............................0..edata..............................@.0@.idata..............................@.0..CRT................................@.0..tls.... ...........................@.0..reloc..............................@.0B................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):322888
                                      Entropy (8bit):5.617170304387561
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:1D468BB4CA5C3664F208DEA11633D570
                                      SHA1:2EA73E477ABD6AE06FDE8AEBD1BD72EBD569FB2B
                                      SHA-256:73C4B4C46095F46AA422F0CAF810BB053704C3CA6CC938A8C74B8DB2AB1E5318
                                      SHA-512:7A7B8F34A4797C02BED552CCE89DB5A02A4952355DD45BE4AC4BAB6A8F283A1C7036F343516A1778243A978745537D23E3E382C9DC9E496B79CF909AEFD5BA7E
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....R...........!......... ......>.... ........@.. ....................................@....................................W.......................H-........................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\pt-BR\WebCompanion.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):60744
                                      Entropy (8bit):5.344737077504468
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:99D9026AA683444847C19B1BFA94B29A
                                      SHA1:84ADCE3E18489DAD81E9C7ECEE571D1F5A213842
                                      SHA-256:853DA1D0236D9470A0C71BDA77C13259BC0A9AD15836405E5F78B35A6EE29C65
                                      SHA-512:6D064C0CEEA0E32C0D70481F1BF3FDD39F15D84CF2DFBC004CA2A6FCC475366DE0FE30FF9966FC1B9513E3024BC0B4696F4A3F11B9FDED065A9EF36B247258DC
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y..b...........!......... ........... ........@.. ..............................$,....@.................................l...O.......................H-........................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):20296
                                      Entropy (8bit):6.818799339083749
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:F2D4EB17C2BD5E780D8F396BCDBDD2A3
                                      SHA1:BC1A2EDA17C39FB349A3F40CA865FE094E8D68F6
                                      SHA-256:B6729767B1623F6225E91C81900DF1E24AFD0786D147BE0C547EDB518FBED62A
                                      SHA-512:41CB6CEB16F882DC16748A425E729226E7BF1D83C8D3FF7F33B9ED5925B8569456821D20D2719BFCBA0840F1539DC811B2189558CD4D1E4FDB43F057435943F8
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]..b...........!................n9... ...@....@.. ..............................'.....@..................................9..O....@..............."..H-...`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B................P9......H........5..d...........P ..e...........................................a..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....9.......PADPADPP)6..).......n.....V ..(`5.....].......}........E(/...-.C.... ...#..S.n....xv.|.-..X:..o.....V...h...................v..-../.x...1.D|-..... ...?.!..."..&...'vAw(...2c$Q:..C?.9.W*..Y`..[.F.^:1;j...pg.Jq..cv...w..~...~

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ru-RU\WebCompanion.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):73032
                                      Entropy (8bit):5.412575460902619
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:97AD21A6CC457167E3172BBDB04E0B30
                                      SHA1:EE239DA7AC99D68C0466425E1CCB68D7149B496C
                                      SHA-256:D280177876479DA3D97B5C91A4E9364BBAB2D82B677778697D99225BAB9B6C35
                                      SHA-512:DA8CC630B1E2A8E011AA1D4A0594BDB5DAC636A5BBB201D83B9C28488087267B7E4A4CF037D19CF9E9909D144E276407FE66F95844BC7B9DD2154066ABA98995
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y..b...........!......... ......N.... ........@.. ....................... ......:.....@.....................................O.......................H-........................................................... ............... ..H............text...T.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):22344
                                      Entropy (8bit):6.78124931044508
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:EE15B60A8C322F383ACF7ABDFE2F2373
                                      SHA1:CB1B7DCA906B224FF5FDCB2F70A2CE87ADD82623
                                      SHA-256:C083701DAA5F5682937531AA08143033C06CDFE2B9069D0C8D214305AE3F75B9
                                      SHA-512:A91BCF4C9035EA091AFBB949C2A7D69CD291E4ACD76CDBC0EE695274DAF70D74DF5299AFB766B86F40CD0F3138D5A78788646564160B0A487DCE58106F4BE83F
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]..b...........!....."..........^@... ...`....@.. ....................................@..................................@..O....`...............*..H-........................................................... ............... ..H............text...d ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............(..............@..B................@@......H........<..d...........P ..U...........................................Q..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....9.......PADPADPP)6..).......n.....V ..(`5.....].......}........E(/...-.C.... ...#..S.n....xv.|.-..X:..o.....V...h...................v..-../.x...1.D|-..... ...?.!..."..&...'vAw(...2c$Q:..C?.9.W*..Y`..[.F.^:1;j...pg.Jq..cv...w..~...~

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\tr-TR\WebCompanion.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):48456
                                      Entropy (8bit):5.30396863662681
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:B899F0D2D10A5BAC657388E53F93D1B2
                                      SHA1:74D6C488C9A5D5257166441AC54E3FBA3FF1E3C0
                                      SHA-256:7EACD9D2830D1AC0465E6071FD422C598EF7F78A9B7068D1D7AB696953493F57
                                      SHA-512:2F4500398724C42CE1AF40EFE862259C95AAC845E6AFDF1E2C9D82A9CB6717CFBF6E11CE7A4C5FD8317B473655014E5DB7CF0C36B675976FF0CCBE401A2B4193
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y..b...........!.....`... ......>w... ........@.. ....................................@..................................v..W.......................H-........................................................... ............... ..H............text...DW... ...`.................. ..`.rsrc................p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\tr-TR\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):19272
                                      Entropy (8bit):6.927134393752195
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:64D9B417B75C277F4905704575ADAFA2
                                      SHA1:B60FC21551A15293033C0B059243C67CDB951B9D
                                      SHA-256:D465D8D98DDAB38A6CDDFF3D7364B9DEB0DD44BA1D9EE82C5347D9CD80200B26
                                      SHA-512:ED06AB15134165B2B57C7F2766A3B9968C664234740F3C8904B676D638B10E6EFB2D2106DBE2E011BBFC2D1627B0380F4CE3E84D8023FE5462B63AAFB3EEF1BF
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]..b...........!.................5... ...@....@.. ..............................{.....@.................................|5..O....@..................H-...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................5......H........2..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADPP)6..).........V ......].......}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."..&vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~t...............P...e...2.......................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\ucrtbased.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):1658696
                                      Entropy (8bit):6.560242329847887
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:49CC9E720B74F7E5AA7D706DB7F3FC12
                                      SHA1:C026F7B38094B7B4DDC61E1F524B839C2C53CA00
                                      SHA-256:4080ABBB9AEE87A195CB13583436AA1995EF549EF54A746C748D0D91E821305E
                                      SHA-512:949108DFCCA3561AA3EA4660C317B50CD59D1B529E5B31B705BD42568652394D2A932D6859069FCD685E4E2C8D984537F6BA112D890C7B7C2FAD053AF6F8FC45
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k.N.............r-.........y...C.P.....C.O.....C.M.....C.I.....C.L.....C.S.....C.N.....Rich............PE..L...P.!U...........!......... ...............@.......................................?....@A......................................................."..H-......<...p...................................@............................................text....,.......................... ..`.data....P...@..."...2..............@....idata..d............T..............@..@.rsrc................j..............@..@.reloc..<............p..............@..B................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\vcruntime140d.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):107336
                                      Entropy (8bit):6.584520290677762
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:B3C5A531384CE46A134F186B1B7A74D3
                                      SHA1:F3EAB2677D21232B02486A57B887E42DA2AD5193
                                      SHA-256:9EF3F899BD1F2D0A322D4A959930C9607A1564E1D254687A1EAB2FFFC1B012D6
                                      SHA-512:EABFF3786CF8C778870695D78B19AD1AF06B5D98B2340DB3572F77318447F7CC4F61385C6F97D9F29DBE717E44C8D587DF1D62CE6347387226A0D7F3438F60B1
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................+.....tm.........................................................Rich............PE..L...qKZW.........."!.....R...&.......K.......p............................................@A........................@X..........<....................v..H-......d....$..T...........................h$..@............................................text...UQ.......R.................. ..`.data...<....p.......V..............@....idata...............X..............@..@_RDATA...............^..............@..@.rsrc................`..............@..@.reloc..d............f..............@..B........................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\x64\SQLite.Interop.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):1136456
                                      Entropy (8bit):6.583317067388848
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:AF51F1A2360E5F8005C4C44208BD1BA5
                                      SHA1:6DFCB40583D3C055811A9A48D73BF58AAF1CC3FC
                                      SHA-256:75B1F2BC9892E7C355FD7A6429BBBCFC285A3BABB34FD601A13B7D098A697B0F
                                      SHA-512:65C300BA8096B43A898307355F685D72D5B765A5B7548317B1848B9471083B80D514942FC3007DCFE00C6E1CE8182F63A704F74E3E4DD4B3036066F2DF03BCE9
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................m.....j.8...|............0...`.....{.....}.....x....Rich...................PE..d...G.*S.........." .....l..........h'..............................................yn....@..............................................#..$...<....p.......P.......*..H-......X...p................................................................................text....j.......l.................. ..`.rdata...Q.......R...p..............@..@.data...Xe.......@..................@....pdata.......P......................@..@text................................@.. data.....;...0...<..................@..@.rsrc........p......................@..@.reloc..............................@..B................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):843080
                                      Entropy (8bit):6.859627980584393
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:E938AD33246CB84D113DE46E8CB3752A
                                      SHA1:AE4C94E2E716DA4D485EE4D03D9D222F067F2725
                                      SHA-256:04D67F5DC4C24903258C97E08A361CA9E56F5225729DE762DB6C0649621A2B57
                                      SHA-512:4F352250E0A87C56965EC19E8F44357F9E9107D99ED4978A3E43FE1556F67CC9996073FAE47642117109F5DAB73428661D94843765531B17F40D5C732DE35DC1
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C..=..~n..~n..~n...n&.~n...n;.~n...ny.~n U.n..~n...n..~n...n..~n...n..~n...n..~n...n..~nRich..~n................PE..L.....*S...........!.....j...B.......%..............................................+/....@..............................#..D...<.......................H-.......E..@...................................@............................................text.../h.......j.................. ..`.rdata..i............n..............@..@.data....G...P...(...0..............@....rsrc................X..............@..@.reloc...L.......N...b..............@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):18760
                                      Entropy (8bit):7.002105631013671
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:8CB23A0B746F17ECC173F3041E1BD986
                                      SHA1:3B6DB551B1E7A9EB89E019230EF3481088C16162
                                      SHA-256:54521082DDE3D2B5A02DA7301782B11BDCB3793473573753E74DBA3570F3BEBD
                                      SHA-512:6DA56B0E0249CD972730F3AB8E0D78C1A0168F47401291C3815CE32390F7F8C0D216F7A0A5D9B5C6D6C0F483CA9CD44C70948342474B72AFB99802DCDF5D0FB1
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]..b...........!.................3... ...@....@.. ..............................!.....@..................................2..O....@..................H-...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......X/..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADPP)6..).........V ......].......}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."..&vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~t...............P...e...2.......................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\zh-Hans\WebCompanion.resources.dll

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):44360
                                      Entropy (8bit):5.624571013656992
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:11A2148CCE43B3C48A79799212F6D5FB
                                      SHA1:ADCE971FF1CC71B307E23E9F8DA2A496FBFAF8E8
                                      SHA-256:E5209D0F7CE434CE8C1ED93D2D11E967DEB0391E3034DC3DDA3AE5B8EF149AFA
                                      SHA-512:C93A6E05BF3B761DB6AA66821675B92F13C31F5708EA31EE8DC6F96545972AABF8CD42466210E80CC32999C6E6BB5A9388705CD61404B81695FF024561980CA8
                                      Malicious:true
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y..b...........!.....P... ......nn... ........@.. ...................................@..................................n..S.......................H-........................................................... ............... ..H............text...tN... ...P.................. ..`.rsrc................`..............@..@.reloc...............p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\AppSettings.txt

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):310
                                      Entropy (8bit):4.857877240717216
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D1C66668D86B8017500D2A93977E2DC5
                                      SHA1:6E86EDC442FF9E0FC8C1664A4EE3BB02B66C6F68
                                      SHA-256:8B48CE0254B019BDE1CD7E308828B71A8E70E22296CDE4EDD73292644FFDECFF
                                      SHA-512:5F9DB5E9A50744C6D9AC5111F939907592CFF292C46684415578CBE2A0AD91673E90DB8A9290572766EC5C86E7D8B357546186E7BE6FD1A000A1678E08D28BE8
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"Icon":"https://webcompanion.com/images/favicon.ico","AppName":"Web Companion","Settings":["WCAutoUpdate","EnableGranularity","PostRunV2Action","PostRunTimerAction","EnableTelemetryScan","EnableWebProtection","EnableDynamicNotification"],"CompanyName":"Lavasoft","ConfigVersion":"v1","CurrentVersion":"9.3.0"}

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\DotNetZip-12iotvod.tmp

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                      Category:dropped
                                      Size (bytes):887
                                      Entropy (8bit):7.4756203385485325
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:BFB68293EDFF2E96E82A4258FFE73A61
                                      SHA1:3485FB90CB826D9A8F01C655E616873CE70374AB
                                      SHA-256:332FE17ACB0A6FA7DC6A4F6A2B1798199881455AB3D7F30134E1381E8DC524C0
                                      SHA-512:FA64BA854AD8BBE537EAD685968D7E2D058B29BA9C2C6F48DC94EDDA4A75883D808361D0E765145B7B928EABFADC0745FAE7A72FBAB1C69433B57198EC8F3CC7
                                      Malicious:false
                                      Reputation:low
                                      Preview:PK..........6XJ.T{..........$.FeatureActions.txt.. .........S...DM..S...DM..S...DM...n VA.7P...M.GQ...K.4.?5u.|.5hE.}.N......e]..z..r.".'...........y=...V..[...\2. i.^..vU..wq.N...u..>....%.lEU,%.......eC(.+..~'.W[p.N+..D...<{{.G.&......}.v.H.)..ol...R.!._..........'.*?..IJ..q..$.....>....2.L_.&^Yr.xv.g..l...v..T.wQ..{......Cg5...N/)\/.."..aL.\..\se]P.@..>.Z.*.btX7...Q.....o...[v.>...6.AT...5....X&..9].x..E...6.{(.~0..Gd_...DY>..y.b.M67"1.=.~<...U..#....]8WL"]...:..7...X..^(.....RF.c.:.{..^..%.t9.P...c.:9.m1k.2....En=[..%.x...G..H36g=.0......y..Y.z......... t....\B...@..T..S.......1.J.;.)P.z.U....?.r/...........W.{...E.c..c!>,.....n..C.*..0q.fj... .F....?...U.....y.pWI.H.;.Z.......>.;..n..5..N...%...1....j#..... ..^m<..5..X......PK..-.........6XJ.T{..........$...............FeatureActions.txt.. .........S...DM..S...DM..S...DM..PK..........d.........

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\DotNetZip-bs5asf2h.tmp

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                      Category:dropped
                                      Size (bytes):887
                                      Entropy (8bit):7.460046358088407
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:BF30623D278B772877C2C40E24AB9294
                                      SHA1:BD24732B40B149E08530AE3217AAE19182D7FD48
                                      SHA-256:40F8A9B2A9E03760375672FD4C58AB1B63DDCDFF74504CC5EF4D391BE6561842
                                      SHA-512:571386DB6D0CD1B19AAB54ADA2E175C02F32DC99C0CE2084941528829D5CB3BFC300330D912C4F5297149B3E2873613BFEC8B595CB3A77F747D970111B04D12E
                                      Malicious:false
                                      Reputation:low
                                      Preview:PK........v.FXJ.T{..........$.FeatureActions.txt.. ..........|T..Y...|T..Y...|T..Y.......9.#.......z.N../............3. Ur..:..q.$(..D.9'FQC3........F.E....8....Zn[."..9i.k........$i*../!R.....;.9.....LM..r...Gx.B...C.7.......x7ox..Ka...FK....'..v../..Q..LH.eLY.d...........{.,eM..z.:.{a........S1.V.P...q]F....A....<'V....H...e.y.......v.|.J.G...#..........o.U&.F.`.v.1..&i....w..'...!a3..\.P.`N..9.;....Z^..cN.4.$....|.5.\..g.Y...0.:...Cx.c.R..G*.huE...{5.y..H...^..O..A......w..1%E...o..xt.R..D...;...53^b,S.9..Q.)....&.x..LDk.y..........9Wt...(.....D.`W.r..;......S.M...3c.......Aj..g.V.....l...1nz.1.Q...d.....+..w.....*.@.,..OK.#.R9.4..K.-..K.Ei....-U.`.O...z..G..e{..Ze..o<..4`Rf..D..5..n...(<..cp'.;z."..*..`%8.... PK..-.......v.FXJ.T{..........$...............FeatureActions.txt.. ..........|T..Y...|T..Y...|T..Y..PK..........d.........

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\DotNetZip-r33snlxl.tmp

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                      Category:dropped
                                      Size (bytes):630
                                      Entropy (8bit):7.138768234466703
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:48EC701FE6A0F44046ED7934C53BF236
                                      SHA1:1BDAD52D94A2B17166F559BEE0F2FBCF0E1ADD44
                                      SHA-256:98CC93A2D7C0FB69ABA3C0B7AC0648544AF73BB9730AEF39F6D769360F90824E
                                      SHA-512:333ECF3FD48A284FE150BFADE5C6E49C99DC0302048AFE4F7D32E464ADDFA54661C1374B4687D42BBCC284F93262D142F23D355E8BB828B4FFBC7B8199223FAF
                                      Malicious:false
                                      Reputation:low
                                      Preview:PK.........rpW.f.'..........$.FeatureActions.txt.. ..............................gF.}.T.({..o.........5~s.9.5....K.\....u-v....(.ai.k4.........0pH.^.?...4.ni<,x.<...B.v.RJ.z......;....WQ...6Ho....B`%S/q....di(@.(.&..k..x-..u..Z.8.....R...q.h.*.q.].HU....M..^..../.X..Z...Pk~B..+.\m..I5y.*d.h.9.x.......l."....`. .)...y....i.....A.D2.J.!.f3N..#.$........M.......?{h..:....-UY....q..x.....n......q!Qs.e.$q.&....O.7^...T&.&..q.@.z/..... y.8....O.............TV.......Q....!X......z,'..7PK..-........rpW.f.'..........$...............FeatureActions.txt.. ..............................PK..........d.........

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\DotNetZip-t2bttfum.tmp

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                      Category:dropped
                                      Size (bytes):887
                                      Entropy (8bit):7.502162561741706
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:AA96139165EFB2B185BDB2AA24CE5E46
                                      SHA1:FCD07E6A2F6F0500DDB5F6388A65039D69E3C927
                                      SHA-256:52CA53F66AA2988B8376EDD9B85F487B2BAE986A0D901D8AC4FD6EEE64558359
                                      SHA-512:A070505D13D495C3BBA1C232AD7BB7482AC28C2DB262C80FBE3E27FF2769C423925757EA7A16930B21438D7A840520212B0B4370C046F15EEB82AFCF503EEE45
                                      Malicious:false
                                      Reputation:low
                                      Preview:PK..........'XJ.T{..........$.FeatureActions.txt.. ..........x..zA...x..zA...x..zA...TkQ.e.=Oy..Ji<Wn.aS`Mf...\Y.r.h.O.hj.,..!....A<.0G."9C.".QKU..C%..r.N.Z..|3...*.m.....Is.....d..56..)M.bbdtQ.N7......_/G......XjZ.@t...2..*_..7.[5]...>-.@..Rc.OA...`...0n8...[.....#Z..:...}}m.fZ.\.D....5...F.L...cn...%.9....L....^.(...b.E..~..W.@.U ...7.2E.Px.V.g....5.z}.._.\....Y.E4..C.R...0.aB.......D.uMg......"..x....5.&......Z...(1...t.8..A....|..BM..f`{..x.)U.|...7...z..,g^........;.+ho...9.....[.m.rm>..ii=.#.DV....v....*.y.6Ou.7..O... %j."......m_.........V.2....nqy.#.m..x.`.z.zizh.J).0.}....7.H<..uM.,.?.F.J....H..JbQ.....B..7.l..mO...j's...7.I..p1b...B1a.c*.iQ.-.x._.D8/.n,..4[..8..@&.'/..+....5.Z..S.i../wO@....gf^.Ud..1.p=U.Y.PK..-.........'XJ.T{..........$...............FeatureActions.txt.. ..........x..zA...x..zA...x..zA..PK..........d.........

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\DotNetZip-tyipsbz2.tmp

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                      Category:dropped
                                      Size (bytes):887
                                      Entropy (8bit):7.466891166520101
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:34D6E9779BA7A4B40BB0F39140534089
                                      SHA1:4219E085DEDF457B64D0F135AF2C436DF36CAA63
                                      SHA-256:860C7C0C96DEDBC024530C19A68208104AB87D06478AD5AFA5A348BF56BDF90C
                                      SHA-512:C1C29C3000B5F60B12DBCC40B6DAD01D4214690226B299B074E2D7B715DCC8A6AA03D9C64FFCBF7917C2B8C7B8859714F903FD1AF60480D84B1A457AFEF9F044
                                      Malicious:false
                                      Reputation:low
                                      Preview:PK.........~.WJ.T{..........$.FeatureActions.txt.. ...........8dA7....8dA7....8dA7...+n....S...=..epn...=.a.n...Sa._..kq)J.........G. .l.2.b)..X.A.\......3.?.:.M.w..h.m.p.dZp.f$N....h.H..e&.Xu@p.K:.L..b.=*.).......c...^Hq....Q....O..W.b.....z.<.....0..U .[t.t..l.."....d./.^...4BT.?.....n.q..D.V.....xFF7..^../...a..._._.F....-.B.<.._n....v.=x.......>.H...D.\0k../.w..=.rg@.0.]...(ST(Nv`...p...E.IP....N.w...^..8.w....5..U..H[7..|.d..J.(S..&..Jl.N......{.....;....J.a.5..$.@.h..d..(.MZb@.......M..\.Z E...M?aY..c..x.F..FJ.b_g...[.M.V.......I.eq...e..B.dc.2B..j...Y..N...L..6..c.....7X..H6.l._4..%..."W.i.......L..C..t...)..o.....G.g...$#7...d..Xf...40W.!......U.".h.f.X.b.0........7...._.J..B.E7X)Y.VD..F,.D..x......1...@'..-.O<.PK..-........~.WJ.T{..........$...............FeatureActions.txt.. ...........8dA7....8dA7....8dA7..PK..........d.........

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\DotNetZip-ypfcx4gh.tmp

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                      Category:dropped
                                      Size (bytes):402
                                      Entropy (8bit):6.418387096259324
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:610DD76E40380D1DE243C1FB592A9C19
                                      SHA1:3005AC678BDC104D552ACF9280B2B17886537ED2
                                      SHA-256:9B798AD6A633C98F091DDBA7F6CA65A4826D8FF7D19A2F4A6F1421044E5B4463
                                      SHA-512:41B5B82E7FE452B54412AF90DDB7DBBCE7D845644F019B00909B1CE9AE900EDC621A1314B522B12E7580F432D0107BD2BF6CFCC12AF417171AC1754DB913F95B
                                      Malicious:false
                                      Reputation:low
                                      Preview:PK.........rpW.......G.....$.ActiveFeatures.txt.. .............................. a>a.Fh-.T.R...."]e.......=.B....i..O...&........K~..y..x.6E.GY.et.0......D..&.1).`[#.b.N.z.'a.4..C.^.............(H.Z..."7j.^....a.S.7........h\...}.4.......yt.=.R...A.....L.;er..5qPK..-........rpW.......G.....$...............ActiveFeatures.txt.. ..............................PK..........d.........

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\EventSafeguard.txt

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):2
                                      Entropy (8bit):1.0
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:81051BCC2CF1BEDF378224B0A93E2877
                                      SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                      SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                      SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                      Malicious:false
                                      Reputation:low
                                      Preview:..

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\FData.txt

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):640
                                      Entropy (8bit):4.508013939950468
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:7CA76E648D2E1CDF94B795909ADAF181
                                      SHA1:8DC820B354CD397FEC259EF48222F468701C5BE2
                                      SHA-256:80AD06905B1F955F61EF4DC7154641DE421F2FB57043ACC1BF7C14D8215F3857
                                      SHA-512:A8469807E1A43457B93153DD40D320F4269C7E3E6AA3A44E52DE685FC47792D4F837AD9751567BDAAF5A26311A97B9858E3380B4F624C620A4A7DE176FF13CF6
                                      Malicious:false
                                      Reputation:low
                                      Preview:[.. {.. "Search": "Google",.. "Homepage": "about:home",.. "IsOur": false,.. "SetDate": "05/11/2025",.. "Trigger": "User",.. "RemoveDate": "09/04/2025",.. "Age": 116,.. "IsCurrent": false.. },.. {.. "Search": "Google",.. "Homepage": "about:home",.. "IsOur": false,.. "SetDate": "09/04/2025",.. "Trigger": "User",.. "RemoveDate": "02/01/2026",.. "Age": 150,.. "IsCurrent": false.. },.. {.. "Search": "Google",.. "Homepage": "about:home",.. "IsOur": false,.. "SetDate": "02/01/2026",.. "Trigger": "User",.. "RemoveDate": null,.. "Age": 0,.. "IsCurrent": true.. }..]

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\Language.txt

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):20
                                      Entropy (8bit):3.5219280948873624
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:3E682EB51BAEE9F27B0775287510AC6E
                                      SHA1:0C62C14B2D05AF414CDC225DB43B60E79EC7B280
                                      SHA-256:05A960000C74CA2F31FAC1800E5156E2E4D04A78873F005218AEEB8FBACBBFF6
                                      SHA-512:885FFE4359BF0FD7793B304312C7C6C3E36E767490D0EE542BE5B41A74E8C4A2567C4929BB0C4BF8021A3F07ED97CF05F3FEAC224B79BD76A0AAC9F3B1BD3A06
                                      Malicious:false
                                      Reputation:low
                                      Preview:{..."lang" : "en"..}

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\ProfileInfo.txt

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):87
                                      Entropy (8bit):4.616474642224776
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D42DD958F33248974E1F8D3D9D0B2A39
                                      SHA1:4CB5A668CBB4623952BB87F3026FBD67D499DFC4
                                      SHA-256:F8E4D37CFA1E7D1E92B5FCB46B779CD9E95AE02EA56E376C104D504ABE6870C2
                                      SHA-512:41C6EBC2FECDF1EA98CF95C112FA2B08DC5FB9A06DBCC18CB68FACC58F538C755DA83ACE520AD2EAB822517421794E39C1608416F3B41AFB1BB1337217BCE045
                                      Malicious:false
                                      Reputation:low
                                      Preview:profile=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles/sp4c0p22.default-release

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\UpdateServer.txt

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):26
                                      Entropy (8bit):3.9312089489103226
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:CF85989B75515FF6CBAAA6DD23D3882A
                                      SHA1:3FBBECBCC28E2D4DE5764388BC544DB47AE9957D
                                      SHA-256:50E3BD90035CA49B3C57050681449C20953F4EFE5711BF4E02E23F2B63968388
                                      SHA-512:77AC3FA88B08C136C29B907CB1C9B096EE7F97BDE3EC8D6C9382CA9E74060A065EF9AEFC488A5319E9D1570522056584250BE7ABD5ED582E8B4D16F4143E7527
                                      Malicious:false
                                      Reputation:low
                                      Preview:{..."platform" : "prod"..}

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\WebProtectionConfig.txt

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):308
                                      Entropy (8bit):4.726273380036389
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:0CB1CC6EBD3113FFA4D08CB8E611B0C1
                                      SHA1:C084178A890875D41C400E8950537E1F8A58A50F
                                      SHA-256:B578EC7CFE4CDF6690C83DAA66B068FC585A8B35FC3A8722E29F2DC0FABB26E2
                                      SHA-512:C86F4C9A16249313E1A4E0561DC6241E931C5D382A830B64E3AA9D1447734716417BC2F08E4860EDC0D2945CC5091170B90039194C90985395D33A36662FFFEC
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"Version":"3.0.2.12","FilePath":"https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip","BlackList":"https://acs.lavasoft.com/api/v2/url/blacklist","WhiteList":"https://acs.lavasoft.com/api/v2/url/permanentwhitelist","DisplayName":"Web Protection","FeatureName":"WebProtection"}

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\b_search.json

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):700
                                      Entropy (8bit):4.727166525039482
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:359CCE9C2DF62868BF4096E887993CB7
                                      SHA1:F3683EE9E7ED5CFC3570D9AAF769EEF6F4FA3A95
                                      SHA-256:FCD6CEBFE6E9D8BDDF1C4B09771D7D849F2FDC105F991337E45D6AA82F33B627
                                      SHA-512:A5E99FA8AA18E6A7CEB7CFB0C99DC99B606567AD1DDC3BF5AB81D18502F513A9D96D264552F81508317778216B4A4360D87E96AFF302CC7F7FE1DF92C59A6737
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"version":9,"engines":[{"id":"google@search.mozilla.orgdefault","_name":"Google","_isAppProvided":true,"_metaData":{}},{"id":"amazondotcom@search.mozilla.orgdefault","_name":"Amazon.com","_isAppProvided":true,"_metaData":{}},{"id":"wikipedia@search.mozilla.orgdefault","_name":"Wikipedia (en)","_isAppProvided":true,"_metaData":{}},{"id":"bing@search.mozilla.orgdefault","_name":"Bing","_isAppProvided":true,"_metaData":{}},{"id":"ddg@search.mozilla.orgdefault","_name":"DuckDuckGo","_isAppProvided":true,"_metaData":{}}],"metaData":{"useSavedOrder":false,"locale":"en-US","region":"default","channel":"release","experiment":"","distroID":"","appDefaultEngineId":"google@search.mozilla.orgdefault"}}

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\install.txt

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):165
                                      Entropy (8bit):4.170978774397561
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:3CA1CFA3E7FECBD3A3A49F70C4A6861C
                                      SHA1:FC5BE61B006870337B226F4142ADD47300FF608A
                                      SHA-256:4951E2CAC9CFFE384EC3CA07538C879683461EC632A1B3CF67B1C31F73800C25
                                      SHA-512:6531FD15B5D21144CE52186B96DAB2E8374B57338F58F6A423A0B67DECBAFE6AB70B4EF3750FE2BBA5DE1D1B3327326C3D4B4F7414307CF445B57A427B116BEE
                                      Malicious:false
                                      Reputation:low
                                      Preview:{..."homepage" : 1,.. "search" : 1,.. "browserhomepage" : "",.. "browsersearch" : "",.. "installbrowser" : "false",.. "setdefaultbrowser" : "false"..}

                                      C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Options\partner.txt

                                      Download File
                                      Process:C:\Users\user\AppData\Local\Temp\7zS855E9B1B\WebCompanionInstaller.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):59
                                      Entropy (8bit):4.374274939875552
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:69789A51304C384FB9341B35C7646BB7
                                      SHA1:7EDF8B34948FC5CFA807B1AD6C4DE1ADF6506919
                                      SHA-256:533E85C4EBA3F50B100CB0DF4DCB394529EF2955BAD41EC4F9C0EEFE114B0369
                                      SHA-512:ACB974FEE5CCA0B6F53C776EE7255BE0114B984C00367D06A53A7CAB02148004426B0EC996D0215DCF47D39C1AD0A139B5CAC032ED0697EB376EB271CAB16063
                                      Malicious:false
                                      Reputation:low
                                      Preview:{..."partner" : "IN220101",..."campaign" : "18282981021"..}

                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:MS Windows 95 Internet shortcut text (URL=<http://webcompanion.com/faq>), ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):162
                                      Entropy (8bit):4.882741705656816
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:9190EA55ABD4014BB81D5713A8E49F43
                                      SHA1:5DBAD352341FE26BC7CDE37E211963877BCB00C2
                                      SHA-256:ED19D0FDBEB2AB44D988615BDE9CB967F9D4D2BB332947FFE0AA519252AE97BE
                                      SHA-512:9B84F302EAB8C425D38B30E3F92DE792E0DCC455DB3232788A4B6D026E25FD7CB74D46F46649DAA7E5ED19A4E6113D592D8FAF7F003724F4E16FD27AD04D6304
                                      Malicious:false
                                      Reputation:low
                                      Preview:[InternetShortcut]..URL=http://webcompanion.com/faq..IconIndex=0..IconFile=C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanionIcon.ico..

                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Thu Nov 16 12:21:36 2023, mtime=Thu Nov 16 12:21:43 2023, atime=Thu Nov 16 12:21:36 2023, length=9677640, window=hide
                                      Category:dropped
                                      Size (bytes):2201
                                      Entropy (8bit):3.7164709263788014
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:7D6CD2B14275DE13B22D42CA2DE0A35D
                                      SHA1:C98F94E71EDBD3738CEF6C829CDBA0812C2A261F
                                      SHA-256:BC603549AE3C712C2CF09D825E563F40247FA3C262705C376456D9C1497AAE6F
                                      SHA-512:0E8D21F1A1B4550EEAF9240D549EC03719C43343DCED9B79000CF33B13D5B5ED7243D322A2643776197467E7729477FA4CF4A95313D93A6E19CEBB7A0B9ABAD9
                                      Malicious:false
                                      Reputation:low
                                      Preview:L..................F.@.. ....i............PC....H.........................:..DG..Yr?.D..U..k0.&...&.........{4.......9...%b.........t...CFSF..1.....FW.H..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FW.HpW.j..............................A.p.p.D.a.t.a...B.V.1.....pW.j..Roaming.@......FW.HpW.j..........................oK..R.o.a.m.i.n.g.....Z.1.....pW.j..Lavasoft..B......pW.jpW.j....wU....................oK..L.a.v.a.s.o.f.t.....d.1.....pW.j..WEBCOM~1..L......pW.jpW.j.............................W.e.b. .C.o.m.p.a.n.i.o.n.....`.1.....pW.j..APPLIC~1..H......pW.jpW.j.........................."8..A.p.p.l.i.c.a.t.i.o.n.....n.2.H...pW.j .WEBCOM~1.EXE..R......pW.jpW.j.........................VL..W.e.b.C.o.m.p.a.n.i.o.n...e.x.e.......................-.....................*.....C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe....W.e.b. .C.o.m.p.a.n.i.o.n.E.....\.....\.....\.....\.....\.....\.L.a.v.a.s.o.f.t.\.W.e.b. .C.o.m.p.a.n.i.o.n.\.A.p.p.l.i.

                                      C:\Windows\assembly\Desktop.ini

                                      Download File
                                      Process:C:\Users\user\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
                                      File Type:Windows desktop.ini
                                      Category:dropped
                                      Size (bytes):227
                                      Entropy (8bit):5.2735028737400205
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:F7F759A5CD40BC52172E83486B6DE404
                                      SHA1:D74930F354A56CFD03DC91AA96D8AE9657B1EE54
                                      SHA-256:A709C2551B8818D7849D31A65446DC2F8C4CCA2DCBBC5385604286F49CFDAF1C
                                      SHA-512:A50B7826BFE72506019E4B1148A214C71C6F4743C09E809EF15CD0E0223F3078B683D203200910B07B5E1E34B94F0FE516AC53527311E2943654BFCEADE53298
                                      Malicious:false
                                      Reputation:low
                                      Preview:; ==++==..; ..; Copyright (c) Microsoft Corporation. All rights reserved...; ..; ==--==..[.ShellClassInfo]..CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43}..ConfirmFileOp=1..InfoTip=Contains application stability information...

                                      \Device\ConDrv

                                      Download File
                                      Process:C:\Windows\SysWOW64\netsh.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):40
                                      Entropy (8bit):4.196439344671015
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:2D66423AB0CF1EB6EE1934C24641F0B3
                                      SHA1:73CE8641508CF515377BCDDBC8CFBC80B2C9420D
                                      SHA-256:B50C0DC00937BBDFBDD727F661A97B07A1B388C3AC02FA23249B9ED10248BC3D
                                      SHA-512:99022D52F317E8B66665488DE2B609CADE51AB97411F79920CC7AD70B6857B306172281D0E41CD7FBF8FEDEBE095F575001CCCE564ED27554E9279D2C572A2BA
                                      Malicious:false
                                      Reputation:low
                                      Preview:..URL reservation successfully added....

                                      Static File Info

                                      General

                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Entropy (8bit):7.673267624793489
                                      TrID:
                                      • Win32 Executable (generic) a (10002005/4) 99.40%
                                      • InstallShield setup (43055/19) 0.43%
                                      • Windows Screen Saver (13104/52) 0.13%
                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                      • DOS Executable Generic (2002/1) 0.02%
                                      File name:setup.exe
                                      File size:566'584 bytes
                                      MD5:9dcbe10dc787bde1e69fca29878e6083
                                      SHA1:6693bc9d31cd96c37bc81c9d49fec7f0948a56fe
                                      SHA256:928dba830954eca52d25b94bc36c2e5d24b332a2cbfa8cd38802258caaa9d2c4
                                      SHA512:e615e997457e2ad6783ccf648fd15edbbfd26cd7eb5ca333ee492f9360d94287e5ff700252903b9f20a67c0791779912f0e54c7a818a251416a693d3a3ea0ac7
                                      SSDEEP:12288:oG5knZfFKeX5bTUoaws89d99m7pSRGzDP5SAkG:oG50ZfFKgFL9m7e2jUW
                                      TLSH:3EC401113EE5C8B6D5810031C9656FA1E2FAFE560E11486333997E3E3F7E992C231A5A
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s..c}...s..Yy...s..w,...s...r./.s..w....s..Yx...s.......s.......s.Zyu...s.Rich..s.................PE..L......M...

                                      File Icon

                                      Icon Hash:8011090b07071616

                                      Static PE Info

                                      General

                                      Entrypoint:0x4148d4
                                      Entrypoint Section:.text
                                      Digitally signed:true
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                      DLL Characteristics:
                                      Time Stamp:0x4DAC88CE [Mon Apr 18 18:54:06 2011 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:e00de6e48b9b06aceb12a81e7bf494c9

                                      Authenticode Signature

                                      Signature Valid:true
                                      Signature Issuer:CN=Entrust Extended Validation Code Signing CA - EVCS2, O="Entrust, Inc.", C=US
                                      Signature Validation Error:The operation completed successfully
                                      Error Number:0
                                      Not Before, Not After
                                      • 20/02/2023 19:09:57 20/02/2024 19:09:57
                                      Subject Chain
                                      • CN=Lavasoft Software Canada Inc., SERIALNUMBER=709505-8, OID.2.5.4.15=Private Organization, O=Lavasoft Software Canada Inc., OID.1.3.6.1.4.1.311.60.2.1.3=CA, L=Saint-Laurent, S=Quebec, C=CA
                                      Version:3
                                      Thumbprint MD5:79557A8E79BEDC7988A12974BD520169
                                      Thumbprint SHA-1:E62CA9DC614F7B8E3DC4C7E7E8D0D87A79DD13FA
                                      Thumbprint SHA-256:C9ED3A5ABAFC7367A3FD190A6BE1FB95D9E7C2D3FB4FD2681E45D6ACD5F1142F
                                      Serial:74EF4A34E9A06529277ECE07392AF2E5
                                      Instruction
                                      push ebp
                                      mov ebp, esp
                                      push FFFFFFFFh
                                      push 0041B9E8h
                                      push 004147FCh
                                      mov eax, dword ptr fs:[00000000h]
                                      push eax
                                      mov dword ptr fs:[00000000h], esp
                                      sub esp, 58h
                                      push ebx
                                      push esi
                                      push edi
                                      mov dword ptr [ebp-18h], esp
                                      call dword ptr [0041B078h]
                                      xor edx, edx
                                      mov dl, ah
                                      mov dword ptr [004233F0h], edx
                                      mov ecx, eax
                                      and ecx, 000000FFh
                                      mov dword ptr [004233ECh], ecx
                                      shl ecx, 08h
                                      add ecx, edx
                                      mov dword ptr [004233E8h], ecx
                                      shr eax, 10h
                                      mov dword ptr [004233E4h], eax
                                      push 00000001h
                                      call 00007FB89891FD9Bh
                                      pop ecx
                                      test eax, eax
                                      jne 00007FB89891EF0Ah
                                      push 0000001Ch
                                      call 00007FB89891EFC8h
                                      pop ecx
                                      call 00007FB89891F84Dh
                                      test eax, eax
                                      jne 00007FB89891EF0Ah
                                      push 00000010h
                                      call 00007FB89891EFB7h
                                      pop ecx
                                      xor esi, esi
                                      mov dword ptr [ebp-04h], esi
                                      call 00007FB8989219BCh
                                      call dword ptr [0041B07Ch]
                                      mov dword ptr [00425A5Ch], eax
                                      call 00007FB89892187Ah
                                      mov dword ptr [00423360h], eax
                                      call 00007FB898921623h
                                      call 00007FB898921565h
                                      call 00007FB898920FC0h
                                      mov dword ptr [ebp-30h], esi
                                      lea eax, dword ptr [ebp-5Ch]
                                      push eax
                                      call dword ptr [0041B080h]
                                      call 00007FB8989214F6h
                                      mov dword ptr [ebp-64h], eax
                                      test byte ptr [ebp-30h], 00000001h
                                      je 00007FB89891EF08h
                                      movzx eax, word ptr [ebp+00h]
                                      Programming Language:
                                      • [ C ] VS98 (6.0) SP6 build 8804
                                      • [C++] VS98 (6.0) SP6 build 8804
                                      • [ C ] VS2010 build 30319
                                      • [ASM] VS2010 build 30319
                                      • [EXP] VC++ 6.0 SP5 build 8804
                                      NameVirtual AddressVirtual Size Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x1e9ac0x64.rdata
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x270000x71cc.rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x872600x32d8
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IAT0x1b0000x200.rdata
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                      Sections

                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                      .text0x10000x197c00x19800False0.5831609987745098DOS executable (COM)6.60822715389085IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rdata0x1b0000x44900x4600False0.312109375data4.383775518811042IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .data0x200000x5a680x3200False0.123828125data1.3793356235333818IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .sxdata0x260000x40x200False0.02734375data0.020393135236084953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .rsrc0x270000x71cc0x7200False0.3920641447368421data4.657579755868766IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                      RT_ICON0x273540x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States0.37231182795698925
                                      RT_ICON0x2763c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.5472972972972973
                                      RT_ICON0x277640x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2833 x 2833 px/m0.3200354609929078
                                      RT_ICON0x27bcc0x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2833 x 2833 px/m0.23688524590163934
                                      RT_ICON0x285540x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2833 x 2833 px/m0.1721388367729831
                                      RT_ICON0x295fc0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2833 x 2833 px/m0.1241701244813278
                                      RT_ICON0x2bba40x1a7bPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9648915769287506
                                      RT_DIALOG0x2d6200xb8dataEnglishUnited States0.6684782608695652
                                      RT_STRING0x2d6d80x94dataEnglishUnited States0.668918918918919
                                      RT_STRING0x2d76c0x34dataEnglishUnited States0.6538461538461539
                                      RT_GROUP_ICON0x2d7a00x4cdata0.8289473684210527
                                      RT_GROUP_ICON0x2d7ec0x22dataEnglishUnited States1.0
                                      RT_VERSION0x2d8100x33cdataEnglishUnited States0.4396135265700483
                                      RT_MANIFEST0x2db4c0x67fexported SGML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.3692122669873722
                                      DLLImport
                                      OLEAUT32.dllVariantClear, SysAllocString
                                      USER32.dllSendMessageA, SetTimer, DialogBoxParamW, DialogBoxParamA, SetWindowLongA, GetWindowLongA, SetWindowTextW, LoadIconA, LoadStringW, LoadStringA, CharUpperW, CharUpperA, DestroyWindow, EndDialog, PostMessageA, ShowWindow, MessageBoxW, GetDlgItem, KillTimer, SetWindowTextA
                                      SHELL32.dllShellExecuteExA
                                      KERNEL32.dllGetCurrentDirectoryA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, InterlockedIncrement, InterlockedDecrement, GetProcAddress, GetOEMCP, GetACP, GetCPInfo, IsBadCodePtr, IsBadReadPtr, GetFileType, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapSize, GetCurrentProcess, TerminateProcess, IsBadWritePtr, HeapCreate, HeapDestroy, GetEnvironmentVariableA, SetUnhandledExceptionFilter, TlsAlloc, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, WaitForSingleObject, CloseHandle, CreateProcessA, GetCommandLineW, GetVersionExA, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte, GetLastError, LoadLibraryA, GetModuleFileNameW, GetModuleFileNameA, LocalFree, FormatMessageW, FormatMessageA, SetFileTime, CreateFileW, SetLastError, SetFileAttributesW, SetFileAttributesA, RemoveDirectoryW, RemoveDirectoryA, CreateDirectoryW, CreateDirectoryA, DeleteFileW, DeleteFileA, GetFullPathNameW, GetFullPathNameA, SetCurrentDirectoryW, SetCurrentDirectoryA, GetCurrentDirectoryW, GetTempPathW, GetTempPathA, GetCurrentProcessId, GetTickCount, GetCurrentThreadId, FindClose, FindFirstFileW, FindFirstFileA, FindNextFileW, FindNextFileA, CreateFileA, GetFileSize, SetFilePointer, ReadFile, WriteFile, SetEndOfFile, GetStdHandle, WaitForMultipleObjects, Sleep, VirtualAlloc, VirtualFree, CreateEventA, SetEvent, ResetEvent, InitializeCriticalSection, RtlUnwind, RaiseException, HeapAlloc, HeapFree, HeapReAlloc, CreateThread, TlsSetValue, TlsGetValue, ExitThread

                                      Possible Origin

                                      Language of compilation systemCountry where language is spokenMap
                                      EnglishUnited States